| |
| |||||||
Log-Analyse und Auswertung: Auch bei meinem PC klemmts....Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.07.2010, 13:28
| #1 |
 |  Auch bei meinem PC klemmts.... ...und auch ich hoffe, dass mir jemand hilft, den folgenden Log zu verstehen -- diverese Suchen haben mich Null weitergebracht. Und ich hoffe, dass ein testweise klicken auf "fix selected items" nicht schon irgendeinen Schaden erzeugt hat. Sorry for being so  HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:06:29, on 24.07.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\NavNT\defwatch.exe C:\WINDOWS\system32\cba\pds.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cba\xfr.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe C:\WINDOWS\stsystra.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\xxx\My Documents\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT1750559 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 8985 bytes |
|
25.07.2010, 09:18
| #2 |
| |  Auch bei meinem PC klemmts.... Hm, keine Antwort -- heisst das vielleicht, dass man zum Interpretieren des Logs mehr wissen musss? Nur was?
__________________Das Problem meines Notebooks ist, dass es neulich ganz plötzlich extrem langsam geworden ist. Es lief in diesem Moment zwei Stunden unbenutzt vor sich hin und anders also sonst war eigentlich nur, dass in diesen Tagen ein Kollege Facebook intensiv genutzt hat (was ich nie nutze). Ich habe dann unter Laufwerkeigenschaften mehrmals die Aufräum- und die Defragmentierungsfunktion laufen lassen und habe möglichst scharf überflüssige Programme deinstalliert (leider war da der Audio-Treiber dabei und es war ziemlich mühsam, den im Netz wiederzufinden). Manchmal kann man nun wieder ganz passable arbeiten (beim Aufstarten allerdings dauert es immer noch ziemlich lange und wenn man z.B. Firefox startet, brennt die Festplatten-LED 1-2 Minuten, bis das Programm dann endlich erscheint). Jetzt kam zum dritten Mal (in ganz unterschiedlichen Situationen) der blaue Bildschirm mit der weissen Schrift: problem detected, windows is shutting down, attempt to execute non-executable memory -- und etwas weiter unter die Stop-Info: 0x000000FC (0x00760065, 0x31846867, 0xF79E5DE4, 0x00000000), wobei die zweite Zahl in der Klammer 0x3A487867 bzw. 0x1C5FD025 gelautet hatte. Ist das irgendein Hinweis auf Malware o.ö.? |
|
25.07.2010, 14:58
| #3 |
| /// Malware-holic   | Auch bei meinem PC klemmts.... erzähl doch ma worin dein problem besteht.
__________________ |
|
25.07.2010, 15:04
| #4 |
| | Auch bei meinem PC klemmts.... Mein Problem besteht eben darin, dass das Gerät bisweilen irgendwie merkwürdig beschäftigt ist (in den Prozessen kann ich allerdings nichts verdächtiges entdecken, allerdings weiss ich eben auch nicht wirklich, worauf ich achten soll) und dauerhafter Zugriff auf die Festplatte stattfindet -- und schon dreimal der beschriebene Systemabsturz ("attempt to execute non-executable memory") passiert ist. Kann das etwas mit den Themen zu tun haben, die Gegenstand dieses Forums sind? |
|
25.07.2010, 15:23
| #5 |
| /// Malware-holic | Auch bei meinem PC klemmts.... sehen wir bald :-) download malwarebytes: Malwarebytes instalieren, updaten, über die registerkarte aktualisierung. dann schalte alles an laufenden programmen ab, auch antivirus. trenne die internetverbindung, in dem du wlan abschaltest, bzw das netzwerkkabel ziehst. starte nun nen komplett scan, funde löschen, log nach aktivierung von internet und antivirus posten. ootl: Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide |
|
25.07.2010, 22:05
| #6 |
| | Auch bei meinem PC klemmts.... Herzlichen Dank für den Tip. War der zweite Teil (OTL) als zweiter Schritt oder als (verzichtbare) Alternative gemeint? Den ersten Teil habe ich durchgeführt (s.u.). Zwar wurde ein Treffer erzielt, aber irgendwie klang das zu harmlos, als das der wirkliche Grund für die Abstürze sein kann, oder? Malwarebytes' Anti-Malware 1.46 Malwarebytes Database version: 4346 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 25.07.2010 22:02:01 mbam-log-2010-07-25 (22-02-01).txt Scan type: Full scan (C:\|) Objects scanned: 175407 Time elapsed: 3 hour(s), 3 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\D3DX8ab.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. |
|
26.07.2010, 11:18
| #7 |
| /// Malware-holic | Auch bei meinem PC klemmts.... nein als zweiter schritt :-) |
|
27.07.2010, 19:41
| #8 |
| | Auch bei meinem PC klemmts.... So, jetzt ist auch der zweite Schritt getan und natürlich bin ich gespannt, ob jemand aus diesen Report irgendetwas ablesen kann -- ich verstehe nur Bahnhof... OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.07.2010 19:20:12 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\York\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy 1'014.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 44.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 3000 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.89 Gb Total Space | 27.66 Gb Free Space | 49.49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YORK-9F8D73CD96 Current User Name: York Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\York\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft) PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd) PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation) PRC - C:\Program Files\NavNT\vptray.exe (Symantec Corporation) PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\CBA\XFR.EXE (Intel Corporation) PRC - C:\WINDOWS\system32\CBA\PDS.EXE (Intel Corporation) PRC - C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\York\My Documents\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation) MOD - C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.) ========== Win32 Services (SafeList) ========== SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation) SRV - (Intel File Transfer) -- C:\WINDOWS\system32\CBA\XFR.EXE (Intel Corporation) SRV - (Intel PDS) -- C:\WINDOWS\system32\CBA\PDS.EXE (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (WDC_SAM) -- C:\WINDOWS\System32\DRIVERS\wdcsam.sys File not found DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS (Symantec Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation) DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVAP) -- C:\Program Files\NavNT\navap.sys () DRV - (NAVAPEL) -- C:\Program Files\NavNT\Navapel.sys () DRV - (QCEmerald) -- C:\WINDOWS\system32\drivers\OVCE.sys (Microsoft Corporation) DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation) DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-152049171-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKU\S-1-5-21-507921405-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.073 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 16:44:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 00:40:09 | 000,000,000 | ---D | M] [2010.02.26 22:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Mozilla\Extensions [2010.07.26 01:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\extensions [2010.07.25 22:44:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.13 21:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2010.07.26 01:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.05.29 11:55:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.29 11:55:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\Mozilla Firefox\plugins\npmieze.dll [2010.07.05 15:01:59 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.05 15:01:59 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.14 22:56:09 | 000,000,143 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src [2010.07.05 15:01:59 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.05 15:02:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.05 15:02:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-507921405-152049171-1606980848-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-507921405-152049171-1606980848-1003\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation) O4 - HKU\S-1-5-21-507921405-152049171-1606980848-1003..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft) O4 - HKU\S-1-5-21-507921405-152049171-1606980848-1003..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\York\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-507921405-152049171-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll () O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.12 19:10:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{73553f62-6b08-11df-9c05-00188ba89ece}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902053519425536) ========== Files/Folders - Created Within 30 Days ========== [2010.07.25 17:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Malwarebytes [2010.07.25 17:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.07.24 17:01:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010.07.24 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.07.24 11:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Uniblue [2010.07.18 19:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\My Documents\=Katja= [2010.07.18 18:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.07.14 23:23:05 | 000,339,968 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe [2010.07.14 23:21:34 | 000,172,032 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll [2010.07.14 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010.07.14 22:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Gutscheinmieze [2010.07.14 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\IDT [2010.07.14 18:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel [2010.07.14 18:35:54 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe [2010.07.13 21:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google [2010.07.09 17:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010.07.05 16:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Google [2010.07.05 16:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2010.07.05 16:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Local Settings\Application Data\Temp [2010.07.05 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010.07.05 16:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Local Settings\Application Data\Google [2010.07.05 12:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\MaxPunkte 6 [2010.07.05 12:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\My Documents\MaxPunkte [2010.07.05 12:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MaxPunkte [2010.06.28 14:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.27 18:23:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.27 18:22:20 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk [2010.07.27 18:21:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.27 18:21:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.27 18:21:05 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys [2010.07.26 01:49:19 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\York\NTUSER.DAT [2010.07.26 01:49:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\York\ntuser.ini [2010.07.25 00:45:17 | 000,000,614 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.25 00:45:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.25 00:45:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.07.24 16:34:45 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\York\Desktop\CCleaner.lnk [2010.07.22 19:07:38 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\York\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.11 09:54:56 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\York\Desktop\PowerPoint 2007.lnk [2010.07.08 13:09:07 | 000,211,968 | ---- | M] () -- C:\Documents and Settings\York\My Documents\FormResearchPlan[1]_tb100707_knk.doc [2010.07.06 22:49:29 | 002,279,936 | ---- | M] () -- C:\Documents and Settings\York\My Documents\Copy of WM Tippspiel_Halbfinals.xls [2010.07.06 14:04:04 | 002,279,424 | ---- | M] () -- C:\Documents and Settings\York\My Documents\Copy of WM Tippspiel.xls [2010.07.06 13:51:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\York\Desktop\Office Excel 2007.lnk [2010.07.01 21:51:43 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\York\My Documents\JobDescription YL -- Version Jul2010.doc [2010.06.28 14:44:48 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\York\g2mdlhlpx.exe [2010.06.27 22:59:41 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.27 22:59:41 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.27 22:59:41 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.25 00:45:17 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\York\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010.07.24 16:34:45 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\York\Desktop\CCleaner.lnk [2010.07.18 18:59:55 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\York\My Documents\FormResearchPlan[1]_tb100707_knk.doc [2010.07.06 22:49:29 | 002,279,936 | ---- | C] () -- C:\Documents and Settings\York\My Documents\Copy of WM Tippspiel_Halbfinals.xls [2010.07.01 20:33:35 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\York\My Documents\JobDescription YL -- Version Jul2010.doc [2010.06.28 14:44:47 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\York\g2mdlhlpx.exe [2010.04.24 10:58:37 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Maus2.INI [2010.02.28 18:47:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2010.02.28 18:38:30 | 000,000,244 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.02.28 18:32:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010.02.28 18:13:17 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2010.02.28 18:12:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2010.02.27 19:22:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2010.02.27 19:22:29 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2010.02.27 19:22:29 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2010.02.27 19:22:29 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2010.02.27 19:22:29 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini [2010.02.27 19:22:29 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2010.02.27 19:22:29 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2010.02.27 19:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BROHL143.INI [2010.02.27 19:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2010.02.27 19:22:28 | 000,013,109 | ---- | C] () -- C:\WINDOWS\HL-1430.INI [2010.02.27 19:22:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010.02.27 19:22:17 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010.02.27 19:22:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2010.02.27 17:39:07 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010.02.12 21:06:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2010.02.12 21:06:06 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2010.02.12 20:01:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2001.09.24 08:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll [1997.06.06 11:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL ========== LOP Check ========== [2010.03.08 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010.02.27 17:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2010.03.13 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital [2010.02.15 14:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2010.05.29 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer [2010.05.29 22:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer Pro [2010.02.27 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Canon [2010.07.24 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Delicious IE Extension [2010.04.23 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\FileZilla [2010.06.03 20:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Genie-soft [2010.07.20 22:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Gutscheinmieze [2010.04.03 10:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Information Factory [2010.02.28 18:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Panasonic [2010.02.27 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\ScanSoft [2010.07.24 11:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Uniblue ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2010.02.27 19:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010.03.08 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010.07.13 21:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2010.02.27 17:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2010.07.25 17:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010.07.13 21:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2010.02.12 20:59:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.02.12 21:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2010.02.27 17:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2010.02.15 13:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2010.03.08 21:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson [2010.03.13 18:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010.02.28 18:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2010.03.13 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital [2010.03.29 21:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.06.05 21:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Adobe [2010.03.13 21:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\AdobeUM [2010.05.29 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer [2010.05.29 22:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer Pro [2010.02.27 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Canon [2010.07.24 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Delicious IE Extension [2010.04.23 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\FileZilla [2010.06.03 20:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Genie-soft [2010.07.05 16:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Google [2010.07.20 22:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Gutscheinmieze [2010.02.12 19:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Identities [2010.04.03 10:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Information Factory [2010.02.28 18:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\InstallShield [2010.02.28 14:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Macromedia [2010.07.25 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Malwarebytes [2010.06.05 15:18:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\York\Application Data\Microsoft [2010.02.26 22:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Mozilla [2010.02.28 18:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Panasonic [2010.02.27 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\ScanSoft [2010.03.13 18:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Sun [2010.07.24 11:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Uniblue < %APPDATA%\*.exe /s > [2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\AC3 Filter\ac3config.exe [2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\AC3 Filter\spdif_test.exe [2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\AC3 Filter\unins000.exe [2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\FFDShow\unins000.exe [2009.11.14 19:11:36 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\dsmux.exe [2009.11.14 19:33:40 | 000,357,888 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\gdsmux.exe [2009.11.14 19:11:36 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\mkv2vfr.exe [2010.02.23 16:00:42 | 000,042,288 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\uninstall.exe [2010.04.12 14:33:56 | 000,825,344 | ---- | M] (Synatix GmbH) -- C:\Documents and Settings\York\Application Data\Gutscheinmieze\uninstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 10:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 10:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2009.01.04 18:43:34 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=F113CB0CD335B41D55AB7803ECAD7739 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\Core\EventLog.dll < MD5 for: IASTOR.SYS > [2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\WINDOWS\Dell\Intel\IaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVGTS.SYS > [2008.01.21 20:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.02.12 10:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.02.12 10:52:08 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.02.12 10:52:07 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
27.07.2010, 19:56
| #9 |
| /// Malware-holic | Auch bei meinem PC klemmts.... Fixen mit OTL • Starte bitte die OTL.exe. Vista-User mit Rechtsklick "als Administrator starten" • Kopiere nun das Folgende in die Textbox. :OTL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found O4 - HKLM..\Run: [CmPCIaudio] File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found :Files O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O33 - MountPoints2\{73553f62-6b08-11df-9c05-00188ba89ece}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten nutze den ccleaner, bereinige dateien + registry: http://www.trojaner-board.de/51464-a...-ccleaner.html bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
27.07.2010, 20:50
| #10 |
| | Auch bei meinem PC klemmts.... Danke für die Antwort -- bevor ich das mache, hier aber noch eine Frage: Inzwischen kam eine Meldung von Norton AntiVirus: Prüfungstyp: Echtzeitschutz Prüfung Ereignis: Virus festgestellt! Virusname: Bloodhound.MalPE Datei: C:\System Volume Information\_restore{FBB22C24-B5D2-43B4-8F4F-81EC7A20B631}\RP94\A0018844.dll Ablageort: Isolieren Computer: YORK-9F8D73CD96 Benutzer: SYSTEM Durchgeführte Aktion: Säubern fehlgeschlagen : Isolieren erfolgreich : Zugriff verweigert Gefundenes Datum: Tue Jul 27 21:03:10 2010 Eine solche Meldung habe ich ewig nicht mehr (noch nie?) bekommen. Gibt es einen Zusammenhang? Soll ich den OTL-Fix dennoch durchführen? Danke für die Hilfen!!! |
|
27.07.2010, 22:45
| #11 |
| | Auch bei meinem PC klemmts.... Oups, da war ja noch der zweite (für mich ebenso unverständliche) OTL-Report -- aber die Frage bleibt: unabhängig von der Virusmeldung nun als nächstes den OTL-Fix durchführen? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.07.2010 19:20:12 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\York\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
1'014.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 27.66 Gb Free Space | 49.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YORK-9F8D73CD96
Current User Name: York
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-507921405-152049171-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Brother HL-1430" = Brother HL-1430
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"DW WLAN Card Utility" = DW WLAN Card Utility
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"WebmailSync_is1" = WebmailSync 1.17
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.06.2010 16:15:08 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 10.06.2010 16:15:09 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 10.06.2010 16:15:10 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 10.06.2010 16:15:10 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 11.06.2010 16:54:36 | Computer Name = YORK-9F8D73CD96 | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1705.A
previous installation for this product is in progress. You must undo the changes
made by that installation to continue. Do you want to undo those changes?
Error - 17.06.2010 16:53:03 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 17.06.2010 16:53:03 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 17.06.2010 16:53:04 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 17.06.2010 16:53:04 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 27.06.2010 12:35:27 | Computer Name = YORK-9F8D73CD96 | Source = McLogEvent | ID = 5051
Description =
[ System Events ]
Error - 18.07.2010 11:45:19 | Computer Name = YORK-9F8D73CD96 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 18.07.2010 15:21:08 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 18.07.2010 15:21:08 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 18.07.2010 15:21:10 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 18.07.2010 15:21:10 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 18.07.2010 15:21:13 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 18.07.2010 15:21:13 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 20.07.2010 11:23:47 | Computer Name = YORK-9F8D73CD96 | Source = System Error | ID = 1003
Description = Error code 000000fc, parameter1 00760065, parameter2 3a487867, parameter3
f79e5de4, parameter4 00000000.
Error - 22.07.2010 12:50:06 | Computer Name = YORK-9F8D73CD96 | Source = System Error | ID = 1003
Description = Error code 000000fc, parameter1 00760065, parameter2 1c5fd025, parameter3
f79e5de4, parameter4 00000000.
Error - 24.07.2010 04:02:49 | Computer Name = YORK-9F8D73CD96 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 84.75.63.88 on
the Network Card with network address 00188BA89ECE.
< End of report >
|
|
28.07.2010, 13:02
| #12 |
| /// Malware-holic | Auch bei meinem PC klemmts.... es sieht nach nem exploit aus, wird übers internet eingeschläust und kann, falls die entsprechende sicherheitslücke nicht geschlossen ist, wirksam werden. bis jetzt habe ich noch nicht viel beunruhigendes gesehen. erst mal weiter mit dem otl fix, dann CCleaner und dann combofix |
|
28.07.2010, 19:41
| #13 |
| | Auch bei meinem PC klemmts.... Also dann, hier ist der Report vom OTL fix: All processes killed Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context! Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context! Error: Unable to interpret <%APPDATA%\*.> in the current context! Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context! Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context! Error: Unable to interpret </md5start> in the current context! Error: Unable to interpret <userinit.exe> in the current context! Error: Unable to interpret <eventlog.dll> in the current context! Error: Unable to interpret <scecli.dll> in the current context! Error: Unable to interpret <netlogon.dll> in the current context! Error: Unable to interpret <cngaudit.dll> in the current context! Error: Unable to interpret <ws2ifsl.sys> in the current context! Error: Unable to interpret <sceclt.dll> in the current context! Error: Unable to interpret <ntelogon.dll> in the current context! Error: Unable to interpret <logevent.dll> in the current context! Error: Unable to interpret <iaStor.sys> in the current context! Error: Unable to interpret <nvstor.sys> in the current context! Error: Unable to interpret <atapi.sys> in the current context! Error: Unable to interpret <IdeChnDr.sys> in the current context! Error: Unable to interpret <viasraid.sys> in the current context! ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CmPCIaudio not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. ========== FILES ========== File\Folder O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found not found. File\Folder O4 - HKLM..\Run: [] File not found not found. File\Folder O4 - HKLM..\Run: [KernelFaultCheck] File not found not found. File\Folder O33 - MountPoints2\{73553f62-6b08-11df-9c05-00188ba89ece}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found not found. File\Folder O34 - HKLM BootExecute: (autocheck autochk *) - File not found not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService |
|
28.07.2010, 19:57
| #14 |
| /// Malware-holic | Auch bei meinem PC klemmts.... das war nicht der otl fix, der steht in post9 |
|
28.07.2010, 22:27
| #15 |
| | Auch bei meinem PC klemmts.... Hm, ich meinte den "Extra"-Report und dachte das sei der Fixing-Report. Jedenfalls ist es der zweite der von OTL produzierten Berichte. Und hier ist noch der Bericht nach ComboBox: Combofix Logfile: Code:
ATTFilter ComboFix 10-07-27.05 - York 28.07.2010 23:11:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.616 [GMT 2:00]
Running from: c:\documents and settings\York\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hpe43.dll
c:\documents and settings\York\g2mdlhlpx.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.
2010-07-28 18:38 . 2010-07-28 18:38 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-28 18:37 . 2010-07-28 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-28 17:55 . 2010-07-28 17:55 -------- d-----w- C:\_OTL
2010-07-25 15:20 . 2010-07-25 15:20 -------- d-----w- c:\documents and settings\York\Application Data\Malwarebytes
2010-07-25 15:19 . 2010-07-25 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-24 14:34 . 2010-07-24 14:34 -------- d-----w- c:\program files\CCleaner
2010-07-24 09:36 . 2010-07-24 09:36 -------- d-----w- c:\documents and settings\York\Application Data\Uniblue
2010-07-18 16:26 . 2010-07-18 16:44 -------- d-----w- c:\windows\system32\NtmsData
2010-07-14 21:23 . 2005-03-22 15:20 339968 ----a-w- c:\windows\stsystra.exe
2010-07-14 21:21 . 2005-11-16 13:35 172032 ----a-w- c:\windows\system32\stacapi.dll
2010-07-14 20:56 . 2010-07-14 20:56 -------- d-----w- c:\program files\Lavalys
2010-07-14 20:55 . 2010-04-12 12:33 825344 ----a-w- c:\documents and settings\York\Application Data\Gutscheinmieze\uninstall.exe
2010-07-14 20:55 . 2010-07-20 20:42 -------- d-----w- c:\documents and settings\York\Application Data\Gutscheinmieze
2010-07-14 16:54 . 2010-07-14 16:54 -------- d-----w- c:\program files\IDT
2010-07-14 16:36 . 2010-07-14 21:21 -------- d-----w- c:\program files\SigmaTel
2010-07-14 16:35 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-09 15:49 . 2010-07-09 15:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-05 14:40 . 2010-07-05 14:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-05 14:40 . 2010-07-05 14:43 -------- d-----w- c:\documents and settings\York\Local Settings\Application Data\Temp
2010-07-05 14:39 . 2010-07-13 19:46 -------- d-----w- c:\program files\Google
2010-07-05 14:39 . 2010-07-13 19:01 -------- d-----w- c:\documents and settings\York\Local Settings\Application Data\Google
2010-07-05 10:09 . 2010-07-05 10:09 -------- d-----w- c:\program files\MaxPunkte 6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 14:43 . 2010-04-13 18:49 -------- d-----w- c:\documents and settings\York\Application Data\Delicious IE Extension
2010-07-14 21:21 . 2010-02-12 17:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-14 19:11 . 2010-07-14 16:54 1164 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-07-13 19:26 . 2010-02-15 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-13 19:04 . 2010-06-28 12:47 -------- d-----w- c:\program files\Citrix
2010-06-14 14:31 . 2010-02-12 17:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-03 18:56 . 2010-06-03 18:56 -------- d-----w- c:\documents and settings\York\Application Data\Genie-soft
2010-05-29 09:57 . 2010-05-29 09:57 503808 ----a-w- c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fb71b64-n\msvcp71.dll
2010-05-29 09:57 . 2010-05-29 09:57 12800 ----a-w- c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6150a534-n\decora-d3d.dll
2010-05-29 09:57 . 2010-05-29 09:57 61440 ----a-w- c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6150a534-n\decora-sse.dll
2010-05-29 09:57 . 2010-05-29 09:57 499712 ----a-w- c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fb71b64-n\jmc.dll
2010-05-29 09:57 . 2010-05-29 09:57 348160 ----a-w- c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fb71b64-n\msvcr71.dll
2010-05-29 09:55 . 2010-05-29 09:55 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-09-26 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\York\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2010-2-27 25214]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-28 113664]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [27.02.2010 19:28 31872]
S0 cerc6;cerc6; [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [08.03.2010 21:41 90112]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [08.03.2010 21:42 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [08.03.2010 21:42 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [08.03.2010 21:42 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [08.03.2010 21:42 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [08.03.2010 21:42 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [08.03.2010 21:42 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [08.03.2010 21:42 109736]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - NAVAP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmieze.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2010-07-28 23:21:38
ComboFix-quarantined-files.txt 2010-07-28 21:21
Pre-Run: 30'241'484'800 bytes free
Post-Run: 30'206'939'136 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6ACD5BCC10318849071C97A7527AE51C
|
|
| Themen zu Auch bei meinem PC klemmts.... |
| .com, adobe, antivirus, bho, browser, excel, explorer, firefox, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, jusched.exe, log, microsoft, mozilla, object, pdf, plug-in, server, software, speedupmypc, suche, symantec, system, windows, windows xp, wlan, {dfefcdee-cf1a-4fc8-88ad-48514e463b27} |
Linear-Darstellung
