| |
| |||||||
Log-Analyse und Auswertung: Trojaner irgendwo im system... Verschiedene Logs ausgeführt...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.08.2010, 23:17
| #1 |
| |  Trojaner irgendwo im system... Verschiedene Logs ausgeführt... So, da bin ich jetzt.. Habe bereits in eine anderen Forum nachgefragt, aber da kam nur ein Chaos raus.. Zwei von hier haben mir jetzt geraten hier her zu kommen und da bin ich. Werde jetzt mal kurz mein Problem schildern: Meine Tochter war Ende Juli im Spieleaffe.de währenddessen hat der Antivir angeschalgen und ein TR hat versucht auf mein System zu greifen. Hab in dann in die Quarantäne gestellt. Da ich aber nur ein Laie bin und dann nicht weiter wusste und auch nicht einfach was löschen wollte suchte ich Hilfe... So und jetzt mache ich bei den Schritten hier weiter, wo man mir angeraten hat.. Danke an Larusso... SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 08/11/2010 at 10:36 PM Application Version : 4.41.1000 Core Rules Database Version : 5346 Trace Rules Database Version: 3158 Scan type : Complete Scan Total Scan Time : 00:57:01 Memory items scanned : 617 Memory threats detected : 0 Registry items scanned : 13722 Registry threats detected : 0 File items scanned : 41608 File threats detected : 27 Adware.Tracking Cookie C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@msnportal.112.2o7[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@apmebf[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@tradedoubler[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@content.yieldmanager[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@traffictrack[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@traffictrack[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@ad.zanox[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@webmasterplan[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@e-2dj6wckiggajchp.stats.esomniture[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@ad.adc-serv[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@ad.yieldmanager[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@tracking.quisma[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@adfarm1.adition[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@www.etracker[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@atdmt[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@adtech[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@deutschepostag.112.2o7[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@doubleclick[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@invitemedia[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@media6degrees[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@msnaccountservices.112.2o7[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@rotator.adjuggler[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@tracking.mindshare[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@unitymedia[2].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@zanox-affiliate[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@zanox[1].txt C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Cookies\Low\anja@zanox[3].txt |
|
11.08.2010, 23:19
| #2 |
| /// Selecta Jahrusso   |  Trojaner irgendwo im system... Verschiedene Logs ausgeführt... gombjudär hilfän rulez  Poste mal die offene ESET Log und checkup.txt
__________________ |
|
11.08.2010, 23:21
| #3 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... hi du, mom bin noch nicht soweit...
__________________Keine Ahung wie lang das noch geht. Bei mir runtergeladen habe ich jetzt, und jetzt wird wieder gescannt.. Zeit braucht man ja ohne Ende, wenn man mal ein Problem mit dem Lap hat... Ich mach alles fertig, und dann könnt ihr morgen nochmal schaun.. Langsam werde ich auch müde... DANKE Nochmal.. Bin jetzt übrigens erst bei 8% also geht noch ne Weile... |
|
11.08.2010, 23:45
| #4 |
| /// Selecta Jahrusso | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... das dauert auch ne weile 
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
11.08.2010, 23:48
| #5 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... ich merke es *gähn* naja, irgendwann muss es auch ferig sein. Zur Hälfte ist es gleich soweit.. ok, mir geht das zu lange... lass das über Nacht laufen, und stell es morgen ein... Hallo, habe jetzt das mit dem Eset heute Nacht gemacht.. Hatte bis heute morgen nichts gefunden, dann auf finish... So, und jetzt habe ich versucher den Eset Online Scanner irgendwo zu finden aber ich find ihn nicht.. Hab jetzt ewig gesucht.. Kann auf das Programm Eset gar nicht zu greifen, kann es nur Deinstallieren, da ich es nur da finde... Also niergends in den Programmen oder so... Was soll ich jetzt tun?? Nochmal von vorne anfangen??? |
|
12.08.2010, 20:54
| #6 |
| /// Selecta Jahrusso | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... Wurde was gefunden ? checkup.txt fehlt mir noch
__________________ --> Trojaner irgendwo im system... Verschiedene Logs ausgeführt... |
|
12.08.2010, 21:15
| #7 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... Results of screen317's Security Check version 0.99.5 Windows Vista (UAC is enabled) Out of date service pack!! Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Avira AntiVir Personal - Free Antivirus ESET Online Scanner v3 McAfee Security Scan Plus WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 Java(TM) 6 Update 20 Java(TM) 6 Update 6 Out of date Java installed! Adobe Flash Player 10.1.82.76 Adobe Reader 9.1.3 - Deutsch Out of date Adobe Reader installed! Mozilla Firefox (3.6.8) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSASCui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Windows Defender MSASCui.exe ```````````````````````````````` DNS Vulnerability Check: Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?) ``````````End of Log```````````` so, das ist der Checkup... Der eset hat keinen Fund gehabt... So, und was siehst du da?? |
|
12.08.2010, 22:54
| #8 |
| /// Selecta Jahrusso | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... Schritt 1 Besuche bitte die Microsoft-Update-Seite und lade Dir alle Updates unter Benutzerdefiniert herunter Mache das so lange bis du nichts mehr angeboten bekommst Du musst dafür mit den Internet Explorer ins Netz gehen Wenn du dies mit FireFox durchführen willst musst Du vorher das Addon IE View installieren Schritt 2 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter Als alternative würde ich dir den schlankeren Foxit Reader empfehlen  Schritt 3 Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).
Schritt 4 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
13.08.2010, 10:25
| #9 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... Hallo Daniel. werde ich dann heute Abend wieder machen... Danke für deine Hilfe... LG ANJA |
|
16.08.2010, 20:02
| #10 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... so, hier OTL.Txt TL logfile created on: 16.08.2010 19:50:51 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = c:\Users\Anja\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,71 Gb Total Space | 191,24 Gb Free Space | 66,70% Space Free | Partition Type: NTFS Drive D: | 11,38 Gb Total Space | 1,86 Gb Free Space | 16,39% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 968,47 Mb Total Space | 510,33 Mb Free Space | 52,69% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANJA-PC Current User Name: Anja Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - c:\Users\Anja\Downloads\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\T-Mobile Internet Manager 03\UIMain.exe () PRC - C:\Program Files (x86)\T-Mobile Internet Manager 03\CMUpdater.exe () PRC - C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe () PRC - C:\Program Files (x86)\T-Mobile Internet Manager 03\UIExec.exe () PRC - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.) PRC - C:\WINDOWS\SMINST\BLService.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) ========== Modules (SafeList) ========== MOD - c:\Users\Anja\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (vfsFPService) -- C:\Windows\SysNative\vfsFPService.exe (Validity Sensors, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UI Assistant Service) -- C:\Program Files (x86)\T-Mobile Internet Manager 03\AssistantServices.exe () SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.) SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe () SRV - (QPCapSvc) QuickPlay Background Capture Service (QBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () SRV - (QPSched) QuickPlay Task Scheduler (QTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV - (vfsFPService) -- C:\WINDOWS\SysWOW64\vfsFPService.exe (Validity Sensors, Inc.) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ezSharedSvc) -- C:\WINDOWS\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys File not found DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (acedrv06) -- C:\Windows\SysNative\drivers\acedrv06.sys () DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (AVerAF15) -- C:\Windows\SysNative\Drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (vfs101a) -- C:\Windows\SysNative\drivers\vfs101a.sys (Validity Sensors, Inc.) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation) DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (TFsExDisk) -- C:\WINDOWS\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP Notebook | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Notebook | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009.03.26 13:46:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.10 20:53:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.15 19:51:46 | 000,000,000 | ---D | M] [2009.06.09 12:19:29 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions [2009.06.04 06:30:50 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\extensions [2009.06.04 06:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.08.15 20:36:56 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\akuyxn62.default\extensions [2010.05.25 09:20:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\akuyxn62.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.13 19:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\akuyxn62.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.12 17:46:52 | 000,000,950 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\FireFox\Profiles\akuyxn62.default\searchplugins\icqplugin-1.xml [2009.12.17 21:45:01 | 000,000,950 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\FireFox\Profiles\akuyxn62.default\searchplugins\icqplugin-2.xml [2010.01.18 07:24:32 | 000,000,950 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\FireFox\Profiles\akuyxn62.default\searchplugins\icqplugin-3.xml [2010.08.13 19:55:57 | 000,000,950 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\FireFox\Profiles\akuyxn62.default\searchplugins\icqplugin-4.xml [2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\FireFox\Profiles\akuyxn62.default\searchplugins\icqplugin.xml [2010.08.15 16:45:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.10.23 21:25:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.15 16:45:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.08.15 16:45:19 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.08.10 20:53:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.08.10 20:53:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.08.10 20:53:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.10 20:53:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.08.10 20:53:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [eBayToolbar] C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\T-Mobile Internet Manager 03\UIExec.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8:64bit: - Extra context menu item: Suche - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.) O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Suche - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\WINDOWS\SysWOW64\ezShellStart.exe (EasyBits Software AS) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\WINDOWS\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.16 19:34:06 | 000,150,784 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys [2010.08.16 19:34:06 | 000,150,656 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys [2010.08.16 19:34:06 | 000,150,656 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys [2010.08.16 19:34:06 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys [2010.08.16 19:34:02 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bmutil.dll [2010.08.16 19:34:02 | 000,471,040 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmnet.dll [2010.08.16 19:34:02 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bminstall.dll [2010.08.16 19:34:02 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bmdumpd.bin [2010.08.16 19:34:02 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\drivers\BMLoad.sys [2010.08.16 19:34:02 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\drivers\tcpipBM.sys [2010.08.16 19:34:02 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sporder.dll [2010.08.16 19:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T-Mobile Internet Manager 03 [2010.08.16 16:07:59 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2010.08.16 16:06:04 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Program Files (x86) [2010.08.15 16:45:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.08.15 16:45:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.08.15 16:45:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.08.15 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Google [2010.08.15 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Google [2010.08.15 10:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.08.15 10:26:41 | 000,000,000 | ---D | C] -- C:\Programme\Google [2010.08.15 10:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2010.08.15 10:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.08.14 21:35:36 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2010.08.14 21:35:36 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2010.08.14 21:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010.08.14 21:34:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.08.14 19:59:35 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2010.08.14 18:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.08.14 18:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.08.14 17:41:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2010.08.14 17:41:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2010.08.14 17:39:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll [2010.08.14 17:39:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll [2010.08.14 17:39:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll [2010.08.14 17:39:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll [2010.08.14 17:39:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll [2010.08.14 17:39:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll [2010.08.14 17:39:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll [2010.08.14 17:39:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll [2010.08.14 17:39:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe [2010.08.14 17:39:21 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe [2010.08.14 17:39:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe [2010.08.14 17:39:16 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll [2010.08.14 17:39:16 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe [2010.08.14 17:39:16 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll [2010.08.14 17:39:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll [2010.08.14 17:39:16 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe [2010.08.14 17:39:16 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll [2010.08.14 17:39:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll [2010.08.14 17:39:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll [2010.08.14 17:39:16 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe [2010.08.14 17:39:16 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe [2010.08.14 17:39:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe [2010.08.14 17:39:09 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll [2010.08.14 17:39:09 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2010.08.14 17:39:09 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe [2010.08.14 17:39:09 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll [2010.08.14 17:39:09 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2010.08.14 17:39:09 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2010.08.14 17:39:09 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll [2010.08.14 17:39:09 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2010.08.14 17:39:09 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll [2010.08.14 17:39:09 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2010.08.14 17:37:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2010.08.14 12:57:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.14 12:56:38 | 000,000,000 | ---D | C] -- C:\238afbf6d3a09a423884a638 [2010.08.13 22:33:34 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.08.13 22:33:32 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.08.13 22:33:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.08.13 22:33:32 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.08.13 22:33:32 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2010.08.13 22:33:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.08.13 22:33:31 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2010.08.13 22:33:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.08.13 22:33:31 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.08.13 22:33:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.08.13 22:33:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.08.13 22:33:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.08.13 22:33:31 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2010.08.13 22:33:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.08.13 22:33:31 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2010.08.13 22:33:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.08.13 22:33:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2010.08.13 22:33:31 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2010.08.13 22:33:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.08.13 22:33:31 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2010.08.13 22:33:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.08.13 22:33:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.08.13 22:33:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.08.13 22:22:40 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.08.13 22:22:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.08.13 22:22:28 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.08.13 19:45:38 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\ICQ [2010.08.13 19:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2 [2010.08.13 19:33:37 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010.08.11 23:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010.08.11 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\SUPERAntiSpyware.com [2010.08.11 21:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.08.11 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2010.08.11 21:22:14 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.08.11 18:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.08.11 18:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.08.10 12:01:01 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Malwarebytes [2010.08.10 12:00:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.10 12:00:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.10 12:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.10 12:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.08 14:17:24 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\eBay [2010.08.08 12:43:42 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\InstallShield ========== Files - Modified Within 30 Days ========== [2010.08.16 19:53:09 | 002,359,296 | -HS- | M] () -- C:\Users\Anja\NTUSER.DAT [2010.08.16 19:53:07 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.16 19:43:16 | 000,591,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.16 19:43:15 | 001,432,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.16 19:43:15 | 000,623,280 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.16 19:43:15 | 000,125,378 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.16 19:43:15 | 000,103,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.16 19:34:02 | 000,001,697 | ---- | M] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager 03.lnk [2010.08.16 19:16:08 | 000,130,376 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.08.16 19:16:08 | 000,130,376 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.08.16 19:16:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.16 14:22:26 | 000,006,602 | ---- | M] () -- C:\ProgramData\hpqp.ini [2010.08.16 14:21:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 14:21:40 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.16 14:21:40 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.16 14:21:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.16 14:21:27 | 4292,042,752 | -HS- | M] () -- C:\hiberfil.sys [2010.08.16 13:37:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.16 13:37:23 | 000,524,288 | -HS- | M] () -- C:\Users\Anja\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2010.08.16 13:37:23 | 000,065,536 | -HS- | M] () -- C:\Users\Anja\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010.08.16 13:37:18 | 007,386,375 | -H-- | M] () -- C:\Users\Anja\AppData\Local\IconCache.db [2010.08.16 12:43:08 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{805FD0A8-9FA4-4303-845B-EBFDC893CA1B}.job [2010.08.15 16:45:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.08.15 16:45:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.08.15 16:45:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.08.15 16:45:17 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.08.15 10:55:35 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.14 21:35:04 | 000,000,758 | ---- | M] () -- C:\Users\Anja\Documents\Meine freigegebenen Ordner.lnk [2010.08.14 20:00:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.08.14 19:59:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.08.13 22:45:10 | 000,342,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.12 11:10:13 | 000,000,623 | ---- | M] () -- C:\Users\Anja\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk [2010.08.11 21:22:17 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.11 18:46:07 | 000,001,097 | ---- | M] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk [2010.08.10 12:00:05 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.08 14:13:44 | 000,063,488 | ---- | M] () -- C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.05 19:56:18 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.08.05 19:56:18 | 000,001,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ========== Files Created - No Company Name ========== [2010.08.16 19:33:57 | 000,001,697 | ---- | C] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager 03.lnk [2010.08.15 11:48:39 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.15 11:48:38 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.15 10:55:35 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.14 21:35:04 | 000,000,758 | ---- | C] () -- C:\Users\Anja\Documents\Meine freigegebenen Ordner.lnk [2010.08.14 20:00:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.08.14 19:59:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.08.14 19:59:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2010.08.14 17:39:10 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2010.08.14 17:39:10 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2010.08.14 17:39:10 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2010.08.14 17:39:10 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2010.08.14 17:39:10 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2010.08.14 17:39:10 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2010.08.12 09:05:27 | 000,000,623 | ---- | C] () -- C:\Users\Anja\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk [2010.08.11 21:22:17 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.08.11 18:46:07 | 000,001,097 | ---- | C] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk [2010.08.10 12:00:05 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 17:49:26 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.08.03 17:49:26 | 000,001,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2009.08.08 19:59:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.08.08 19:58:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.06 15:30:41 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll [2009.06.06 15:27:17 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2009.06.06 15:16:16 | 000,003,489 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys < End of report > |
|
16.08.2010, 20:03
| #11 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... und hier Extras.TXt OTL Extras logfile created on: 16.08.2010 19:50:52 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = c:\Users\Anja\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,71 Gb Total Space | 191,24 Gb Free Space | 66,70% Space Free | Partition Type: NTFS Drive D: | 11,38 Gb Total Space | 1,86 Gb Free Space | 16,39% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 968,47 Mb Total Space | 510,33 Mb Free Space | 52,69% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANJA-PC Current User Name: Anja Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = F6 0E A5 23 F3 33 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21E33A58-8406-45F4-8FB6-6193E8DFEDFE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{25FCE6DB-703E-4E30-B6A7-4E2C7445B45A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{35F05098-1CF8-46B6-8D2E-8DB548EADABB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{3C9D168E-5AF7-4593-8D81-55CF7DB95949}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{65A3D684-A59D-46EB-98C4-4152DC553753}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | "{6F962DD7-BC36-4F71-990E-A682F210B39F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | "{8C5952FE-3FD2-46AD-9648-423F0F7C75C6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{F873000E-89D7-45BF-98C5-25C5C6780F83}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00052FC2-B89F-4BAC-8A08-25CE945805FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{02AA48B4-D918-486F-B5FF-9B9D1204C2D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{073456DE-EA7D-484A-8619-3C0C879D8702}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{082B9B3B-D682-4709-80FE-A5AC48E1D60F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{09E21722-413B-472C-A7F6-6041237D0C19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0F4AB61D-DFCA-4188-9E84-0D1B3BCF001E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{0FC844C9-04BF-410A-A1E4-CA13B63B764A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{2D9DB07B-D031-49DF-B0D0-C4A68D93BD07}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{3C42CD57-CA59-4331-BD35-893DD1A995CC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{3E509AAB-661C-472C-83A3-07E949C0ADEC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{468CA494-1F02-49CD-A519-1C6CFB3568D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{4CE16B44-1834-47B1-8A77-787CC83F31D4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{4EA9872F-3390-452C-898A-FA44D4D3E86B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{63AEF9C6-D0EF-4159-8FB2-B30D7746BBA6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{6D3DE83C-7EBC-4DCB-9ECF-2320B6B25682}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{712CD755-F49F-45DA-BF11-CEAD1BE2A821}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{73B1B31F-82F0-49EB-B097-F2D955BD58FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{786FE8E0-F2E0-42A2-BE79-89229700339A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{7E158B8B-F341-4304-BA8B-0EA4B4128F72}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{7F389AF4-A633-47F1-BF52-1FC75450B3E7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{81DD3349-EA23-4ABF-AF57-4AED3BCEE855}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{83413E49-8878-4DD3-8620-F5FAC0228DE7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{8EE6FDD8-12B0-48AB-925F-6F3842E4546B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{91168328-C91C-424D-B9B8-1114CD0916AB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{9E1F835E-F488-4631-8EDB-53FCC992C16E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{9FBFF129-D120-45F3-A573-250B8E95F840}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{A1E599EE-523B-41C8-9A0D-E13C99AF9096}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | "{ACC35A06-6AE7-44C0-BCE5-3EB22CAC6D0C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{AFE089BE-FD1E-43C7-BB8E-703218A75B22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B3C83C26-A536-4117-BD6E-C6AF284D7EA4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{C28682BC-992E-4252-AAE8-9DAB91FE15F8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{C4539CAC-F6BE-4FEA-87A5-6CEE77F4CA03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C9722FAD-D2B3-4F31-991C-189C3C8EC40F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D051F2BB-14E6-492B-AA59-5F4AF8363CA3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D8EA99E0-7130-4798-81EE-BDFDA2ACBACE}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{DF8A842F-E112-4811-A1F0-1865BB51AA24}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{E19E40B0-DCC5-4AFA-8946-4A85D3DE79C9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FDB3D4FF-F119-4C5E-A04D-0A513331F948}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{FF087FEC-FD49-4F4B-9E57-6DEE462B73C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{07ED33DF-ECFC-4FCD-B78F-7F364F158E9A}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe | "TCP Query User{2DB91AAC-E433-4120-877F-D8C9294CD088}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{F00343C2-E5D3-4F7E-81B4-6480CEBE64FE}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{AC55C276-874F-495B-9129-54A16E5FEC89}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe | "UDP Query User{CBB8AB20-2625-4C5E-B743-FB6C5706CBC5}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{FBF8EA45-8465-410A-93EC-00ACB378DDBE}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{665870B4-8C0C-41E7-A015-33245DDC8679}" = HP MediaSmart SmartMenu "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E0318E3E-8059-4BD3-BEBE-D3E65D34503D}" = DigitalPersona Personal 3.1.0 "B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C3EAB3-76FF-45C8-97FE-5EBFBF0B1036}" = HP User Guides 0115 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Internet Manager 03 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AOL Toolbar" = AOL Toolbar 5.0 "Ask Toolbar_is1" = Ask Toolbar "AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.64.45 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EasyBits Magic Desktop" = Magic Desktop "ESET Online Scanner" = ESET Online Scanner v3 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D) "Free YouTube Download_is1" = Free YouTube Download 2.2 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Kaspersky Online Scanner" = Kaspersky Online Scanner "king.com" = king.com (remove only) "MAGIX Foto Clinic 5.0 D" = MAGIX Foto Clinic 5.0 (D) "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent hp Master Uninstall" = My HP Games ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.01.2010 07:32:34 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = Error - 03.01.2010 14:04:48 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = Error - 03.01.2010 17:27:38 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2010 04:34:40 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2010 07:57:42 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2010 08:04:56 | Computer Name = Anja-PC | Source = Avira AntiVir | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\Anja\Pictures\2009-11-11 Rene HZ usw\Rene HZ usw 427.JPG. [ACCESS_VIOLATION Exception!! EIP = 0x1e0a288] Bitte Avira informieren und die obige Datei übersenden! Error - 04.01.2010 15:25:05 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = Error - 05.01.2010 04:22:50 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = Error - 05.01.2010 06:59:09 | Computer Name = Anja-PC | Source = RasClient | ID = 20227 Description = Error - 05.01.2010 10:40:05 | Computer Name = Anja-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 15.08.2010 16:31:58 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7026 Description = Error - 16.08.2010 03:49:29 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7009 Description = Error - 16.08.2010 03:49:29 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16.08.2010 03:49:36 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7026 Description = Error - 16.08.2010 07:19:35 | Computer Name = Anja-PC | Source = Service Control Manager | ID = 7026 Description = |
|
16.08.2010, 20:05
| #12 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... So, habe alle 4 Schritte gemacht.. Zu den Updates: Ich konnte ein Update nicht machen.. das hatte immer Fehler.. (WindowsLive) Zu Java: Konnte den Logfile nicht kopieren, da ich wohl etwas zu schnell war und dann war er schon wieder weg.. Sorry.. Der Rest ging ohne Probleme... LG ANJA |
|
17.08.2010, 15:25
| #13 |
| /// Selecta Jahrusso | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... Noch Probleme ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
18.08.2010, 12:24
| #14 |
| | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... Hi du, Probelme hat ich ja keine... Ich hatte nur ein Trojaner drauf, den ich immer noch in Quarantäne habe... Kann ich den jetzt einfach löschen?? Ist mein Lap sauber?? kann ich so wie er jetzt ist wieder ins OnlineBanking, ohne das jemand meine Daten ausliest?? Gruß Anja |
|
18.08.2010, 15:46
| #15 |
| /// Selecta Jahrusso | Trojaner irgendwo im system... Verschiedene Logs ausgeführt... Das System ist am Stand der Technik clean. Wie am Anfang erwähnt. Ne 100%ige Garantie kann ich nicht geben. Ich selber steh ja nicht auf das Online Banking. Vl verstehen irgendwann mal alle warum. Es gibt keine 100%ige Sicherheit mehr Logfile ist sauber  Hier noch die letzten paar Schritte zur Säuberung Deines Rechners. Schritt 1 Systemwiederherstellungpunkte leeren Windows + R Taste drücken --> cleanmgr ( eingeben ) --> OK Wähle nun deine Systemplatte (normal C .Klicke auf Systemdateien bereinigen --> erneut die Systemplatte wählen --> Reiter Weitere Optionen und klicke auf Systemwiederherstellung und Schattenkopien bereinigen. Schritt 2 Tool CleanUp Starte bitte die OTL.exe. Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen. Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren. Schritt 3 Automatische Updates Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten. Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl und klicke auf OK. Stelle sicher das die automatischen Updates aktiviert sind. Schritt 4 Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
Schritt 5 Tipps für sicheres Surfen Das sind meine Vorschläge. Verwende einen alternativen Browser statt den IE. Ich empfehle Mozilla Firefox. Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
Don'ts
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
| Themen zu Trojaner irgendwo im system... Verschiedene Logs ausgeführt... |
| ad.yieldmanager, adfarm, andere, anderen, antivir, bereits, chaos, einfach, forum, löschen, nachgefragt, problem, quarantäne, schritte, system, troja, trojaner, verschiedene, versuch, versucht |
Linear-Darstellung
