Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): TR/Crypt.IR.45 (Windows 7)
If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you get rid of the infection.
29.08.2010, 14:04 | #1
TR/Crypt.IR.45
Hello,
since yesterday the AntiVir Guard keeps reporting the Trojan TR/Crypt.IR.45 in the windows/temp directory. Unfortunately Google finds nothing about it (yet). After load.exe I ran TFC first. Unfortunately it hangs after a while (by now more than 5 hours without any further output or other reaction), or it simply does not report back. Should I keep waiting, or continue with the steps described?
After waiting 8 hours I switched the laptop off. It came back up normally. I am now continuing with the instructions:
PHP code:
The log looks like this:
PHP code:
Important: Do not click the Re-Enable button until we have finished the clean-up!!
Um, what does that mean for me now? Who or what am I supposed to wait for?
Hmmm, I am doing something wrong here in the forum. I'll try luring with free beer, maybe then someone will answer.
29.08.2010, 18:42 | #2
TR/Crypt.IR.45
Quote:
A clean-up can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the quicker and always the safest way. If you decide on a clean-up, keep working with us until someone from the team tells you that you are clean.
Just click on "Für alle Neuen" (For all newcomers) in my signature and supply the missing OTL logs.
And BTW: stop using the PHP tags, they are impossible to read. The correct tag is #.
ciao, andreas
29.08.2010, 19:11 | #3
TR/Crypt.IR.45
I followed the instructions that came with load.exe. I must have misunderstood that. Sorry.
Here are the OTL logs:
OTL Logfile:
Code:
OTL logfile created on: 29.08.2010 19:48:29 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Username\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 64,89 Gb Free Space | 55,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Username-PC
Current User Name: Username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Programme\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Programme\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - E:\xampp\xampp-control.exe ()
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WdiServiceHostAeLookupSvc) -- C:\Windows\System32\apirclw.exe File not found
SRV - (MySql) -- E:\xampp\mysql\bin\mysqld-nt.exe File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apache2.2) -- e:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (XAMPP) -- e:\xampp\service.exe ()
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (bdftdif) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Trufos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=66056
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.3
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 11:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.07.28 14:38:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.26 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010.06.30 17:54:27 | 000,000,000 | ---D | M]

[2010.08.26 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Extensions
[2010.08.26 20:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.29 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.13 10:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}
[2010.03.29 16:49:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2010.02.14 22:44:06 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.07.17 12:46:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.23 20:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.06.28 17:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.03.31 20:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.17 12:46:43 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2008.12.17 21:54:26 | 000,002,028 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\FireFox\Profiles\vzev45ly.default\searchplugins\xing---powering-relationships.xml
[2010.06.24 07:22:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.01 10:48:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.04 12:32:23 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.08.01 10:48:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 10:48:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 10:48:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 10:48:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.04.04 10:30:18 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [aborange Scheduler] C:\Program Files\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
O4 - HKCU..\Run: [Doapi] C:\Users\Username\AppData\Roaming\Adobe\Update\getapi.exe File not found
O4 - HKCU..\Run: [Getdo] File not found
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 18:29:38 | 000,000,035 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- [2010.04.28 18:35:26 | 002,213,232 | R--- | M] (Haufe-Lexware GmbH & Co. KG)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2010.08.29 16:52:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.29 16:51:16 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.29 08:13:54 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\Desktop 29.8.2010
[2010.08.28 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Roaming\Malwarebytes
[2010.08.28 21:44:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.28 21:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.28 21:44:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.28 21:44:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.28 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\MFTools
[2010.08.28 17:10:18 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.28 17:10:18 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.12 18:26:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 18:26:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 18:26:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 18:26:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 18:26:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 18:26:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 18:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 18:26:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 18:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 18:26:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 18:26:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 18:26:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 18:26:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 18:26:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 18:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 18:25:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 18:25:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 18:25:04 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 18:24:19 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 18:24:17 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.02 19:47:05 | 000,000,000 | ---D | C] -- C:\Users\Username\Documents\Lexware
[2010.08.02 19:34:15 | 000,000,000 | ---D | C] -- C:\Programme\Wertpapieranalyse 2011

========== Files - Modified Within 30 Days ==========

[2010.08.29 19:57:33 | 003,145,728 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT
[2010.08.29 19:22:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 19:22:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 17:22:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.29 17:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.29 17:22:32 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.29 17:21:40 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010.08.29 17:21:21 | 000,065,536 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.29 17:21:20 | 000,524,288 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.29 17:21:19 | 002,771,491 | -H-- | M] () -- C:\Users\Username\AppData\Local\IconCache.db
[2010.08.29 16:51:19 | 000,000,738 | ---- | M] () -- C:\Users\Username\Desktop\NTREGOPT.lnk
[2010.08.29 16:51:19 | 000,000,719 | ---- | M] () -- C:\Users\Username\Desktop\ERUNT.lnk
[2010.08.28 21:44:17 | 000,000,823 | ---- |
M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 21:42:35 | 000,050,477 | ---- | M] () -- C:\Users\Username\Desktop\defogger.exe [2010.08.28 21:42:13 | 000,284,915 | ---- | M] () -- C:\Users\Username\Desktop\Gmer.zip [2010.08.28 21:39:57 | 000,388,197 | ---- | M] () -- C:\Users\Username\Desktop\Load.exe [2010.08.28 17:10:11 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.28 17:10:11 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.08.27 16:04:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.27 16:04:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.26 14:45:40 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.08.26 14:40:34 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.08.26 14:40:24 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.08.25 21:23:15 | 000,030,956 | ---- | M] () -- C:\Users\Username\Documents\xxx.xlsx [2010.08.13 12:06:23 | 000,332,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.02 19:43:29 | 000,000,972 | ---- | M] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk [2010.08.02 19:36:08 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk [2010.08.02 19:27:34 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk [2010.08.02 19:27:34 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk [2010.08.02 19:27:34 | 000,001,019 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk ========== Files Created - No Company Name ========== [2010.08.29 16:51:19 | 000,000,738 | ---- | C] () -- C:\Users\Username\Desktop\NTREGOPT.lnk [2010.08.29 16:51:19 | 000,000,719 | ---- | C] () -- 
C:\Users\Username\Desktop\ERUNT.lnk [2010.08.28 21:44:17 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 21:42:35 | 000,050,477 | ---- | C] () -- C:\Users\Username\Desktop\defogger.exe [2010.08.28 21:42:13 | 000,284,915 | ---- | C] () -- C:\Users\Username\Desktop\Gmer.zip [2010.08.28 21:39:54 | 000,388,197 | ---- | C] () -- C:\Users\Username\Desktop\Load.exe [2010.08.02 19:43:29 | 000,000,972 | ---- | C] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk [2010.08.02 19:36:08 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk [2010.08.02 19:27:34 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk [2010.08.02 19:27:34 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk [2010.08.02 19:27:34 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk [2010.07.21 07:50:51 | 000,000,025 | ---- | C] () -- C:\Users\Username\AppData\Roaming\bdfvconp.ini [2010.06.16 19:20:46 | 000,003,492 | ---- | C] () -- C:\Windows\System32\acluie.sys [2010.01.09 09:56:27 | 000,773,141 | ---- | C] () -- C:\Users\Username\AppData\Roaming\farm.bmp [2010.01.09 09:48:36 | 000,019,980 | ---- | C] () -- C:\Users\Username\AppData\Roaming\settings.dat [2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2009.08.01 00:29:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.18 09:42:44 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TidyATL.dll [2009.03.21 19:50:48 | 000,029,696 | ---- | C] () -- C:\Users\Username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.14 10:10:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol 
[2009.02.14 12:19:27 | 003,211,264 | ---- | C] () -- C:\Programme\Common FilesDDBACSetup.msi [2009.02.14 10:44:32 | 000,000,019 | ---- | C] () -- C:\Windows\LxRegi.INI [2009.02.14 10:41:54 | 000,048,128 | ---- | C] () -- C:\Windows\System32\V24.DLL [2009.02.14 10:40:47 | 000,001,562 | ---- | C] () -- C:\Windows\QUICKEN.INI [2009.02.14 10:40:47 | 000,000,185 | ---- | C] () -- C:\Windows\Intuprof.ini [2009.01.15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll [2008.12.04 08:13:39 | 000,005,334 | ---- | C] () -- C:\Windows\my.ini.old [2008.12.04 08:11:46 | 000,005,340 | ---- | C] () -- C:\Windows\my.ini [2008.11.29 14:34:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008.11.29 14:02:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008.11.29 14:02:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008.11.29 14:02:46 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008.11.29 14:02:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.08.11 16:09:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.08.11 16:09:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.08.11 16:09:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.08.11 16:09:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.08.11 16:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.08.11 15:46:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.08.11 15:00:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- 
C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll [2003.10.01 11:50:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2002.03.28 17:19:04 | 000,491,077 | ---- | C] () -- C:\Windows\System32\QCONNECT.DLL < End of report >
and Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 29.08.2010 19:48:29 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Username\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 64,89 Gb Free Space | 55,80% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Username-PC Current User Name: Username Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani) Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani) Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F8EE98C-C45F-4CD1-BB7A-0457C4C0021F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{1A7EFE42-D7C2-447A-86D3-33A71FD7496E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{22BC3D03-5055-46B7-B598-EF783E1816A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C9495F2-75AC-4E9E-9CDA-0FA77B24B459}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2EE4F37B-CA4B-49C9-9135-C33E48A43EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{32C097F7-6326-4DE2-8A06-C7201D746D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C34AC07-ADA9-43D2-A4B1-4DF7AD453854}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{5904943E-0E32-4A71-BDE1-AAABF1344B3F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{700349DA-9648-429F-BFF9-94F3517E7B06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7483BBC7-BBB0-4800-B582-F8AD32D50F4B}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe | "{755CC1E8-9586-4CBF-8028-164549E969E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8171F3A0-1995-40DC-A9B2-8FDFD2662DF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{83756895-92DA-427C-8C26-ADBFA3F4B87E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87147A11-BE26-490F-AD4D-FD8A11DD5ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{92E2DC94-5EBE-4230-BCB6-7EBDE7C9E078}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B097A1C-08FC-48F8-B431-8508D593CFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AD5360F7-CB45-4445-A7B6-ED09FB7434AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B30458C2-8824-475C-86C0-B6101F34BC39}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDB585AE-804B-4690-A3C4-4126D405D3A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C1D6C054-CB87-464C-B233-64F702007B4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D67AA84D-7D70-4E3F-A4F8-CC3F8D90FB66}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D74EAE23-272F-42A7-9F76-93E44C12537D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D9CB0D42-8EF2-4051-A9E5-2F7AD1A1F387}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E50F9AB2-DD67-4886-B25E-ED501C239516}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{F71AD95C-0AD2-4003-9264-904E6A3CDD08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F7FB1606-7EA5-40D9-9FE8-32E4F1958CFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FADA6C96-F1BF-4AA8-AA58-CD4995F6899F}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe | "TCP Query User{0F855C4D-FE43-4BDA-8FD1-F28006963350}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{30E092CE-32D0-4211-AB70-9ED4F46743B5}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | "TCP Query 
User{57EDB700-8FFB-4021-BC9F-5BD9420D8C73}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{A0EFD9B3-E27F-4C08-BFBC-CA6EFF97121A}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | "TCP Query User{A166CA11-1F40-42C0-A34A-9D1AF9945C88}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{AAF9E999-C6F7-4A94-90B5-A99C88A49C17}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | "TCP Query User{AC3CCE97-3F57-4B7F-9567-2477E094B771}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{AEA4206A-8202-498B-AB79-5F9EA33D45A5}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "TCP Query User{B0B8CD06-4435-46C1-A4F2-965C91BF0195}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{EED1E3FB-28C0-464D-A03B-52A85DA969F7}E:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\apache.exe | "TCP Query User{FB81EE6A-E3E9-4F51-B913-EC6EBD5D5AE9}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | "TCP Query User{FC9EDD2F-D038-45AD-A2BA-0D359B2D3C1B}C:\program files\microsoft office\office12\onenote.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "UDP Query User{1B323076-C724-41B6-8BA2-7C452889E3FD}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | "UDP Query User{3C3293DE-0DA4-4F9D-8FAC-53D73998C5E7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3EF0AC22-317C-477C-8426-3944EE7832B0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | 
app=c:\program files\uusee\uuseeplayer.exe | "UDP Query User{5680A2F2-1716-4E22-B8E7-3CF11E31AD8D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{5CC6D0C0-1054-4A66-B0D8-CAC87DDBB1C6}C:\program files\microsoft office\office12\onenote.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "UDP Query User{6B73C19F-3BCA-4522-B513-EB94BE16D6DE}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | "UDP Query User{734D2871-AB67-4790-A185-3881F8F9B3B6}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{787F0F5D-D4BD-4F49-8658-76A00C46A04E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{7C8BED21-936F-4612-A2C2-4724C06BD8D5}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | "UDP Query User{85AA6A0E-2FBA-410D-9857-55ABD03423F0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{8C490A4A-B41A-4B27-9165-CB44AC69A73B}E:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\apache.exe | "UDP Query User{BD516E84-7ED3-4DB3-93A8-9B565F3D4776}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support 
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1F259B2E-D2C7-486B-8A42-9803FA1527C8}" = Toshiba TEMPRO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3118E461-1976-4F6A-97B4-B655F3AAB263}" = Wertpapieranalyse 2009 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5 "{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010 "{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.4.1 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{65C7590F-E02A-4199-A44A-E223775D5447}" = Quicken 2011 - ServicePack 1 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 
Microsoft Office suites "{65EFA0CB-4039-43C5-A40B-FD2784C7E05E}" = Easy-wGet "{66A63F2B-A4EE-44D3-9CE3-6EC269DCB14D}" = Sonocaddie V300a "{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Labor "{8E77C3B6-6971-44ED-9267-A8E494785607}" = Quicken 2009 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials 
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FC83F04-9C3F-429B-92DE-1252235765E4}" = DDBAC "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4 "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{B516126E-607A-47BD-8B35-335A76328576}" = Quicken Import Export Server 2009 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes "{C54C7C1F-4015-4217-8F16-8CF993C59793}" = MySQL Server 5.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D901E911-3478-466F-8EA0-0AEE85F22E4B}" = wGet-Installer "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E5A24EC1-61AF-4AF4-A103-756359FAC92E}" = Quicken 2009 - ServicePack 3 "{E5FD5CB6-C221-11D5-A2AF-0060971754F8}" = Quicken DELUXE 2003 "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA 
"{F625701A-E55C-47B4-8FC0-52B4FFE306BB}" = Wertpapieranalyse 2011 "{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "7620-0758-4357-2556" = Woopra 1.4 "aborange Scheduler_is1" = aborange Scheduler - Deinstallation "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ask Toolbar_is1" = Ask Toolbar "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Update Manager_is1" = AVS Update Manager 1.0 "BlogDesk_is1" = BlogDesk 2.8 "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "DVD Shrink_is1" = DVD Shrink 3.2 "ERUNT_is1" = ERUNT 1.1j "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.2.4.1 "Free Disc Burner_is1" = Free Disc Burner version 1.1 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken Deluxe 2010 "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "InstallShield_{8E77C3B6-6971-44ED-9267-A8E494785607}" = Quicken Deluxe 2009 "InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011 "InstallShield_{E5FD5CB6-C221-11D5-A2AF-0060971754F8}" = Quicken 2003 "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU 
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "myBabylon_English Toolbar" = myBabylon_English Toolbar "myGolfCoach" = myGolfCoach "myphotobook" = myphotobook 3.6 "nbi-nb-base-6.5.0.0.200811100614" = NetBeans IDE 6.5 "Notepad++" = Notepad++ "Picasa2" = Picasa 2 "SequoiaView" = SequoiaView "SynTPDeinstKey" = Synaptics Pointing Device Driver "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "TOSHIBA Software Modem" = TOSHIBA Software Modem "Trillian" = Trillian "TrueMoneyGames" = TrueMoneyGames 6.2 "TrueMoneyGames.de" = TrueMoneyGames.de 5.1 "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "UUSEE(ÓÆÊÓÍøÂçµçÊÓ)" = UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5 "Wertpapier-Analyse" = Wertpapier-Analyse "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "xampp" = XAMPP 1.7.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.08.2010 11:14:18 | Computer Name = Username-PC | Source = WinMgmt | ID = 10 Description = Error - 28.08.2010 13:59:07 | Computer Name = Username-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3855, Zeitstempel 0x4c48d5ce, fehlerhaftes Modul qscanff.dll, Version 0.9.9.23, Zeitstempel 0x4c03bacc, Ausnahmecode 0xc0000417, Fehleroffset 0x0005f9c7, Prozess-ID 0x8b0, Anwendungsstartzeit 01cb46c3f29c65ad. Error - 28.08.2010 14:04:33 | Computer Name = Username-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
To see if more information about the problem is available, check the problem history in the "Problem Reports and Solutions" control panel. Process ID: 200 Start time: 01cb46c38eff255d Termination time: 0

Error - 28.08.2010 14:09:51 | Computer Name = Username-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.08.2010 15:08:30 | Computer Name = Username-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.08.2010 23:20:26 | Computer Name = Username-PC | Source = Google Update | ID = 20
Description =

Error - 29.08.2010 00:18:28 | Computer Name = Username-PC | Source = Google Update | ID = 20
Description =

Error - 29.08.2010 01:59:48 | Computer Name = Username-PC | Source = Application Error | ID = 1000
Description = Faulting application apache.exe, version 2.2.11.0, time stamp 0x493f5d44, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000005, fault offset 0x00067580, process id 0x81c, application start time 01cb46e448763fde.

Error - 29.08.2010 02:10:24 | Computer Name = Username-PC | Source = Application Hang | ID = 1002
Description = The program TFC.exe, version 3.1.7.0, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the "Problem Reports and Solutions" control panel. Process ID: 1680 Start time: 01cb46e98ceedde0 Termination time: 31

Error - 29.08.2010 02:13:22 | Computer Name = Username-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 15.05.2010 11:20:44 | Computer Name = Username-PC | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Process: DefaultDomain Object name: Media Center Guide

[ System Events ]
Error - 28.08.2010 15:08:31 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28.08.2010 18:42:44 | Computer Name = Username-PC | Source = DCOM | ID = 10010
Description =

Error - 29.08.2010 01:03:23 | Computer Name = Username-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.42 for the network card with network address 002163802F7C has been denied by the DHCP server 192.168.2.1 (the DHCP server sent a DHCPNACK message).

Error - 29.08.2010 01:59:53 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 29.08.2010 02:12:32 | Computer Name = Username-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 08:10:47 on 29.08.2010 was unexpected.

Error - 29.08.2010 02:13:24 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2010 10:46:44 | Computer Name = Username-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:43:38 on 29.08.2010 was unexpected.

Error - 29.08.2010 10:47:41 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2010 11:23:46 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2010 13:33:43 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7034
Description =

< End of report >
|
29.08.2010, 19:56 | #4 |
| TR/Crypt.IR.45
Whoa.
1.) Decide on one antivirus program (Avira or Bitdefender, doesn't matter which). Uninstall the other one.
2.) TuneUp is junk. Uninstall it.
3.) Ask Toolbar and Conduit are adware. Uninstall them.
4.) The software (especially the security-critical parts, like Java and Adobe Reader) is out of date. Help with that: => PSI - Consumer - Products
5.) No malware is recognizable at first glance (apart from a few registry entries). Further scans only on request.
6.) Fix with OTL
Code:
:OTL
SRV - (WdiServiceHostAeLookupSvc) -- C:\Windows\System32\apirclw.exe File not found
SRV - (MySql) -- E:\xampp\mysql\bin\mysqld-nt.exe File not found | R--- | M] (Realore Studios )
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=66056
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKCU..\Run: [Doapi] C:\Users\Username\AppData\Roaming\Adobe\Update\getapi.exe File not found
O4 - HKCU..\Run: [Getdo] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- [2010.04.28 18:35:26 | 002,213,232 | R--- | M] (Haufe-Lexware GmbH & Co. KG)
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
7.) Create and post new logs with OTL.
ciao, andreas
__________________
No support via PM! This is a forum, not private tutoring! Private support only for payment, and I am very expensive.
For all newcomers | Guides | Virus scanners | Is compromise unavoidable? |
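The checks andreas applied by eye in post #4 (autostart entries whose file is missing, a Run key pointing into AppData, components from Conduit or Ask.com, Java plug-in installers older than the current update, the removable-media AutoRun handler) are easy to automate over OTL-format lines. The script below is an added example for this thread; it is not OTL's code and not what the helper ran. It flags those patterns, plus browser proxy settings pointing at a local port, and drafts a fix in the same :OTL / :Commands form the helper posted. The sample lines are copied from the logs in this thread; the adware vendor list, the "user-writable folder" pattern and the Java 6 Update 21 baseline are assumptions of the example. Proxy hits are deliberately kept out of the draft fix: 127.0.0.1:8118 and :9050 are the Privoxy and Tor defaults and may well be intentional. The draft is meant to be read by a person before it is run, which is exactly how the helper used OTL.

```python
"""Triage heuristics for OTL log lines (added example, not OldTimer's code).

Flags the kinds of entries the helper picked out by hand: autostarts whose
binary is missing, autostarts in user-writable folders, known adware vendors,
stale Java plug-in installers, removable-media AutoRun handlers and local
proxy settings. A hit is a shortlist entry for a human, not a verdict.
"""
import re
from collections import Counter

# Assumptions of this example, not facts from the thread: which company strings
# count as adware, and which Java 6 update was current in August 2010 (u21).
ADWARE_VENDORS = ("Conduit Ltd.", "Ask.com")
JAVA_BASELINE_UPDATE = 21

# Folders a standard user can write to without a UAC prompt.
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)
JAVA_DPF = re.compile(r"jinstall-1_6_0_(\d+)-")

# Hits that may become OTL removal lines. Proxy settings are left out because
# 127.0.0.1:8118 and :9050 are the Privoxy and Tor defaults and may be wanted.
REMOVABLE_RULES = {"dangling-autostart", "adware-vendor",
                   "stale-java-plugin", "removable-media-autorun"}


def triage_line(line: str, java_baseline: int = JAVA_BASELINE_UPDATE) -> list[str]:
    """Return the names of the rules the line trips (empty list: nothing flagged)."""
    hits: list[str] = []
    kind = line.split(" - ", 1)[0].strip()  # 'SRV', 'DRV', 'O4', 'O16', 'FF', ...

    # Service, driver or Run entry whose target OTL could not find: a leftover
    # of a removal, or an entry whose payload was deleted or is being hidden.
    if "File not found" in line and kind in {"SRV", "DRV", "O4"}:
        hits.append("dangling-autostart")
    if kind == "O4" and USER_WRITABLE.search(line):
        hits.append("autostart-in-user-writable-path")
    # OTL appends the file's company name in parentheses.
    if any(line.rstrip().endswith(f"({v})") for v in ADWARE_VENDORS):
        hits.append("adware-vendor")
    m = JAVA_DPF.search(line)
    if kind == "O16" and m and int(m.group(1)) < java_baseline:
        hits.append("stale-java-plugin")
    if kind == "O33" and "\\Shell\\AutoRun\\command" in line:
        hits.append("removable-media-autorun")
    if "network.proxy." in line or '"ProxyServer"' in line:
        hits.append("local-proxy-setting")
    return hits


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over every non-empty line; keep only lines with hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (hits := triage_line(line)):
            findings.append((line, hits))
    return findings


def rule_counts(log_text: str) -> Counter:
    """How often each rule fired: a quick overview for a long log."""
    counts: Counter = Counter()
    for _, hits in triage(log_text):
        counts.update(hits)
    return counts


def build_fix_script(findings: list[tuple[str, list[str]]]) -> str:
    """Draft an OTL fix in the shape used in this thread: the log lines to act
    on pasted verbatim under :OTL, then directives under :Commands.
    Review the draft by hand before running it."""
    lines = [line for line, hits in findings if REMOVABLE_RULES & set(hits)]
    return "\n".join([":OTL", *lines, ":Commands", "[emptytemp]"]) + "\n"


# Sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
SRV - (WdiServiceHostAeLookupSvc) -- C:\Windows\System32\apirclw.exe File not found
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Doapi] C:\Users\Username\AppData\Roaming\Adobe\Update\getapi.exe File not found
O4 - HKCU..\Run: [Getdo] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- [2010.04.28 18:35:26 | 002,213,232 | R--- | M] (Haufe-Lexware GmbH & Co. KG)
FF - prefs.js..network.proxy.socks_port: 9050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
"""

if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LOG):
        print(", ".join(hits).ljust(48), line[:80])
    print()
    print(build_fix_script(triage(SAMPLE_LOG)))
```

Run it against a full OTL.txt by reading the file into `triage()`; the `rule_counts()` overview is the quickest way to see whether a long log is mostly dangling leftovers (as here) or something more active. The name `WdiServiceHostAeLookupSvc` in the first sample line is two legitimate Windows service names glued together, a naming trick worth a rule of its own once you have a list of real service names to compare against.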
29.08.2010, 20:55 | #5 |
| TR/Crypt.IR.45 Thanks for the tips!
Code:
OTL logfile created on: 29.08.2010 21:41:20 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Username\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 66,76 Gb Free Space | 57,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Username-PC
Current User Name: Username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Programme\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Programme\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - E:\xampp\apache\bin\apache.exe (Apache Software Foundation)
PRC - e:\xampp\apache\bin\apache.exe (Apache Software Foundation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apache2.2) -- e:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (XAMPP) -- e:\xampp\service.exe ()
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (bdftdif) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Trufos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {386869f0-e3f2-11dc-95ff-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.3
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 11:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.07.28 14:38:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.26 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010.06.30 17:54:27 | 000,000,000 | ---D | M]

[2010.08.26 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Extensions
[2010.08.26 20:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.29 21:37:33 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.13 10:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}
[2010.03.29 16:49:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2010.02.14 22:44:06 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.07.17 12:46:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.23 20:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.06.28 17:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.29 21:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.17 12:46:43 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2008.12.17 21:54:26 | 000,002,028 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\FireFox\Profiles\vzev45ly.default\searchplugins\xing---powering-relationships.xml

[2010.06.24 07:22:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.01 10:48:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.04 12:32:23 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.08.01 10:48:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 10:48:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 10:48:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 10:48:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.29 21:21:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\M SASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [aborange Scheduler] C:\Program Files\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 18:29:38 | 000,000,035 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.29 21:16:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.29 21:12:57 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2010.08.29 16:52:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.29 16:51:16 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.29 08:13:54 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\Desktop 29.8.2010
[2010.08.28 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Roaming\Malwarebytes
[2010.08.28 21:44:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.28 21:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.28 21:44:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.28 21:44:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.28 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\MFTools
[2010.08.28 17:10:18 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.28 17:10:18 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.12 18:26:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 18:26:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 18:26:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 18:26:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 18:26:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 18:26:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 18:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 18:26:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 18:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 18:26:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 18:26:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 18:26:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 18:26:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 18:26:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 18:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 18:25:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 18:25:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 18:25:04 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 18:24:19 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 18:24:17 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.02 19:47:05 | 000,000,000 | ---D | C] -- C:\Users\Username\Documents\Lexware
[2010.08.02 19:34:15 | 000,000,000 | ---D | C] -- C:\Programme\Wertpapieranalyse 2011

========== Files - Modified Within 30 Days ==========

[2010.08.29 21:41:20 | 003,145,728 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT
[2010.08.29 21:33:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 21:33:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 21:33:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.29 21:33:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.29 21:33:09 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys [2010.08.29 21:21:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010.08.29 17:21:40 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv [2010.08.29 17:21:21 | 000,065,536 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.29 17:21:20 | 000,524,288 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.29 17:21:19 | 002,771,491 | -H-- | M] () -- C:\Users\Username\AppData\Local\IconCache.db [2010.08.29 16:51:19 | 000,000,738 | ---- | M] () -- C:\Users\Username\Desktop\NTREGOPT.lnk [2010.08.29 16:51:19 | 000,000,719 | ---- | M] () -- C:\Users\Username\Desktop\ERUNT.lnk [2010.08.28 21:44:17 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 21:42:35 | 000,050,477 | ---- | M] () -- C:\Users\Username\Desktop\defogger.exe [2010.08.28 21:42:13 | 000,284,915 | ---- | M] () -- C:\Users\Username\Desktop\Gmer.zip [2010.08.28 21:39:57 | 000,388,197 | ---- | M] () -- C:\Users\Username\Desktop\Load.exe [2010.08.28 17:10:11 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.28 17:10:11 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.08.27 16:04:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.27 16:04:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.26 14:45:40 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2010.08.26 14:40:34 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2010.08.26 14:40:24 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2010.08.25 21:23:15 | 000,030,956 | ---- | M] () -- C:\Users\Username\Documents\xxx.xlsx 
[2010.08.13 12:06:23 | 000,332,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.02 19:43:29 | 000,000,972 | ---- | M] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk [2010.08.02 19:36:08 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk [2010.08.02 19:27:34 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk [2010.08.02 19:27:34 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk [2010.08.02 19:27:34 | 000,001,019 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk ========== Files Created - No Company Name ========== [2010.08.29 16:51:19 | 000,000,738 | ---- | C] () -- C:\Users\Username\Desktop\NTREGOPT.lnk [2010.08.29 16:51:19 | 000,000,719 | ---- | C] () -- C:\Users\Username\Desktop\ERUNT.lnk [2010.08.28 21:44:17 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.28 21:42:35 | 000,050,477 | ---- | C] () -- C:\Users\Username\Desktop\defogger.exe [2010.08.28 21:42:13 | 000,284,915 | ---- | C] () -- C:\Users\Username\Desktop\Gmer.zip [2010.08.28 21:39:54 | 000,388,197 | ---- | C] () -- C:\Users\Username\Desktop\Load.exe [2010.08.02 19:43:29 | 000,000,972 | ---- | C] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk [2010.08.02 19:36:08 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk [2010.08.02 19:27:34 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk [2010.08.02 19:27:34 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk [2010.08.02 19:27:34 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk [2010.07.21 07:50:51 | 000,000,025 | ---- | C] () -- C:\Users\Username\AppData\Roaming\bdfvconp.ini [2010.06.16 19:20:46 | 000,003,492 | ---- | C] () -- 
C:\Windows\System32\acluie.sys [2010.01.09 09:56:27 | 000,773,141 | ---- | C] () -- C:\Users\Username\AppData\Roaming\farm.bmp [2010.01.09 09:48:36 | 000,019,980 | ---- | C] () -- C:\Users\Username\AppData\Roaming\settings.dat [2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2009.08.01 00:29:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.18 09:42:44 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TidyATL.dll [2009.03.21 19:50:48 | 000,029,696 | ---- | C] () -- C:\Users\Username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.14 10:10:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.02.14 12:19:27 | 003,211,264 | ---- | C] () -- C:\Programme\Common FilesDDBACSetup.msi [2009.02.14 10:44:32 | 000,000,019 | ---- | C] () -- C:\Windows\LxRegi.INI [2009.02.14 10:41:54 | 000,048,128 | ---- | C] () -- C:\Windows\System32\V24.DLL [2009.02.14 10:40:47 | 000,001,562 | ---- | C] () -- C:\Windows\QUICKEN.INI [2009.02.14 10:40:47 | 000,000,185 | ---- | C] () -- C:\Windows\Intuprof.ini [2009.01.15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll [2008.12.04 08:13:39 | 000,005,334 | ---- | C] () -- C:\Windows\my.ini.old [2008.12.04 08:11:46 | 000,005,340 | ---- | C] () -- C:\Windows\my.ini [2008.11.29 14:34:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2008.11.29 14:02:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2008.11.29 14:02:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2008.11.29 14:02:46 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2008.11.29 14:02:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.08.11 16:09:58 | 000,204,800 | ---- | C] () -- 
C:\Windows\System32\IVIresizeW7.dll [2008.08.11 16:09:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.08.11 16:09:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.08.11 16:09:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.08.11 16:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.08.11 15:46:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.08.11 15:00:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll [2003.10.01 11:50:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll [2002.03.28 17:19:04 | 000,491,077 | ---- | C] () -- C:\Windows\System32\QCONNECT.DLL < End of report > |
29.08.2010, 21:04 | #6 |
| TR/Crypt.IR.45 Extras.txt is still missing; you will find it on your desktop. Regarding TuneUp, have a look here: => http://www.trojaner-board.de/77902-5...tml#post469682 => http://www.trojaner-board.de/72761-w...tml#post433943 Complete threads: => http://www.trojaner-board.de/77902-5...-gefunden.html => http://www.trojaner-board.de/72761-w...h-langsam.html There are more, I am just too lazy to search for them. ciao, andreas |
29.08.2010, 21:09 | #7 |
| TR/Crypt.IR.45 oops, once more, sorry. OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 29.08.2010 19:48:29 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\username\Desktop\MFTools Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,29 Gb Total Space | 64,89 Gb Free Space | 55,80% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: username-PC Current User Name: username Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani) Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani) Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F8EE98C-C45F-4CD1-BB7A-0457C4C0021F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{1A7EFE42-D7C2-447A-86D3-33A71FD7496E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{22BC3D03-5055-46B7-B598-EF783E1816A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C9495F2-75AC-4E9E-9CDA-0FA77B24B459}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2EE4F37B-CA4B-49C9-9135-C33E48A43EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{32C097F7-6326-4DE2-8A06-C7201D746D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C34AC07-ADA9-43D2-A4B1-4DF7AD453854}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{5904943E-0E32-4A71-BDE1-AAABF1344B3F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{700349DA-9648-429F-BFF9-94F3517E7B06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7483BBC7-BBB0-4800-B582-F8AD32D50F4B}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe | "{755CC1E8-9586-4CBF-8028-164549E969E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8171F3A0-1995-40DC-A9B2-8FDFD2662DF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{83756895-92DA-427C-8C26-ADBFA3F4B87E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87147A11-BE26-490F-AD4D-FD8A11DD5ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{92E2DC94-5EBE-4230-BCB6-7EBDE7C9E078}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B097A1C-08FC-48F8-B431-8508D593CFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AD5360F7-CB45-4445-A7B6-ED09FB7434AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B30458C2-8824-475C-86C0-B6101F34BC39}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BDB585AE-804B-4690-A3C4-4126D405D3A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C1D6C054-CB87-464C-B233-64F702007B4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D67AA84D-7D70-4E3F-A4F8-CC3F8D90FB66}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D74EAE23-272F-42A7-9F76-93E44C12537D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D9CB0D42-8EF2-4051-A9E5-2F7AD1A1F387}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E50F9AB2-DD67-4886-B25E-ED501C239516}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{F71AD95C-0AD2-4003-9264-904E6A3CDD08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F7FB1606-7EA5-40D9-9FE8-32E4F1958CFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FADA6C96-F1BF-4AA8-AA58-CD4995F6899F}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe | "TCP Query User{0F855C4D-FE43-4BDA-8FD1-F28006963350}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{30E092CE-32D0-4211-AB70-9ED4F46743B5}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | "TCP Query 
User{57EDB700-8FFB-4021-BC9F-5BD9420D8C73}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{A0EFD9B3-E27F-4C08-BFBC-CA6EFF97121A}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | "TCP Query User{A166CA11-1F40-42C0-A34A-9D1AF9945C88}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{AAF9E999-C6F7-4A94-90B5-A99C88A49C17}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | "TCP Query User{AC3CCE97-3F57-4B7F-9567-2477E094B771}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{AEA4206A-8202-498B-AB79-5F9EA33D45A5}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | "TCP Query User{B0B8CD06-4435-46C1-A4F2-965C91BF0195}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{EED1E3FB-28C0-464D-A03B-52A85DA969F7}E:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\apache.exe | "TCP Query User{FB81EE6A-E3E9-4F51-B913-EC6EBD5D5AE9}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | "TCP Query User{FC9EDD2F-D038-45AD-A2BA-0D359B2D3C1B}C:\program files\microsoft office\office12\onenote.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "UDP Query User{1B323076-C724-41B6-8BA2-7C452889E3FD}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | "UDP Query User{3C3293DE-0DA4-4F9D-8FAC-53D73998C5E7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3EF0AC22-317C-477C-8426-3944EE7832B0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | 
app=c:\program files\uusee\uuseeplayer.exe | "UDP Query User{5680A2F2-1716-4E22-B8E7-3CF11E31AD8D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{5CC6D0C0-1054-4A66-B0D8-CAC87DDBB1C6}C:\program files\microsoft office\office12\onenote.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "UDP Query User{6B73C19F-3BCA-4522-B513-EB94BE16D6DE}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | "UDP Query User{734D2871-AB67-4790-A185-3881F8F9B3B6}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{787F0F5D-D4BD-4F49-8658-76A00C46A04E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{7C8BED21-936F-4612-A2C2-4724C06BD8D5}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | "UDP Query User{85AA6A0E-2FBA-410D-9857-55ABD03423F0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{8C490A4A-B41A-4B27-9165-CB44AC69A73B}E:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\apache.exe | "UDP Query User{BD516E84-7ED3-4DB3-93A8-9B565F3D4776}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support 
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree "{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher "{1F259B2E-D2C7-486B-8A42-9803FA1527C8}" = Toshiba TEMPRO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3118E461-1976-4F6A-97B4-B655F3AAB263}" = Wertpapieranalyse 2009 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password "{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5 "{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010 "{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.4.1 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{65C7590F-E02A-4199-A44A-E223775D5447}" = Quicken 2011 - ServicePack 1 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 
Microsoft Office suites "{65EFA0CB-4039-43C5-A40B-FD2784C7E05E}" = Easy-wGet "{66A63F2B-A4EE-44D3-9CE3-6EC269DCB14D}" = Sonocaddie V300a "{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Labor "{8E77C3B6-6971-44ED-9267-A8E494785607}" = Quicken 2009 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.08.2010 11:14:18 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.08.2010 13:59:07 | Computer Name = username-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3855, Zeitstempel 0x4c48d5ce, fehlerhaftes Modul qscanff.dll, Version 0.9.9.23, Zeitstempel 0x4c03bacc, Ausnahmecode 0xc0000417, Fehleroffset 0x0005f9c7, Prozess-ID 0x8b0, Anwendungsstartzeit 01cb46c3f29c65ad.

Error - 28.08.2010 14:04:33 | Computer Name = username-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet.
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 200 Anfangszeit: 01cb46c38eff255d Zeitpunkt der Beendigung: 0

Error - 28.08.2010 14:09:51 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.08.2010 15:08:30 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.08.2010 23:20:26 | Computer Name = username-PC | Source = Google Update | ID = 20
Description =

Error - 29.08.2010 00:18:28 | Computer Name = username-PC | Source = Google Update | ID = 20
Description =

Error - 29.08.2010 01:59:48 | Computer Name = username-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung apache.exe, Version 2.2.11.0, Zeitstempel 0x493f5d44, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, Fehleroffset 0x00067580, Prozess-ID 0x81c, Anwendungsstartzeit 01cb46e448763fde.

Error - 29.08.2010 02:10:24 | Computer Name = username-PC | Source = Application Hang | ID = 1002
Description = Programm TFC.exe, Version 3.1.7.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1680 Anfangszeit: 01cb46e98ceedde0 Zeitpunkt der Beendigung: 31

Error - 29.08.2010 02:13:22 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 15.05.2010 11:20:44 | Computer Name = username-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 28.08.2010 15:08:31 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28.08.2010 18:42:44 | Computer Name = username-PC | Source = DCOM | ID = 10010
Description =

Error - 29.08.2010 01:03:23 | Computer Name = username-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.42 für die Netzwerkkarte mit der Netzwerkadresse 002163802F7C wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 29.08.2010 01:59:53 | Computer Name = username-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 29.08.2010 02:12:32 | Computer Name = username-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.08.2010 um 08:10:47 unerwartet heruntergefahren.

Error - 29.08.2010 02:13:24 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2010 10:46:44 | Computer Name = username-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.08.2010 um 16:43:38 unerwartet heruntergefahren.

Error - 29.08.2010 10:47:41 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2010 11:23:46 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2010 13:33:43 | Computer Name = username-PC | Source = Service Control Manager | ID = 7034
Description =

< End of report > |
29.08.2010, 21:14 | #8 |
| TR/Crypt.IR.45 The Ask Toolbar has not been uninstalled. Java and Acrobat Reader are still out of date. You really do need to use PSI, otherwise this will not work. How is the computer doing, are there still any anomalies or messages? ciao, andreas
__________________ No support via PM! This is a forum, not private support! For all newcomers | Private support only for payment, and I am very expensive. Guides | Virus scanners | Compromise unavoidable? |
29.08.2010, 21:19 | #9 |
| TR/Crypt.IR.45 The machine is responding normally again. A huge thank you for that first of all. I am responding normally too. I am not a professional like you. I still need some time. I will now diligently uninstall and update. PSI is already running... |
29.08.2010, 21:20 | #10 |
| TR/Crypt.IR.45 Start OTL => Cleanup => the computer restarts. You are discharged. ciao, andreas |