| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Trash.Gen besiegt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.09.2010, 15:28
| #1 |
 |  TR/Trash.Gen besiegt? Hallo! Auch ich habe heute die Meldung von Avira bekommen, ich hätte den Trojaner TR/Trash.Gen. Hier sind die Resultate von OTL und GMER. Ich hoffe ich hab alles richtig gemacht!!! Kenn mi gaaar net aus, wär also superlieb wenn sich das jemand ansehn könnte und mir mitteilen würde was ich jetzt noch zu tun hab!! OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.09.2010 11:17:03 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Angi\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 240,00 Mb Available Physical Memory | 47,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): c:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 46,87 Gb Free Space | 62,90% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOBIAS Current User Name: Angi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.09.07 11:15:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Angi\Desktop\OTL.exe PRC - [2010.05.14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.02.03 10:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.10.16 15:16:35 | 002,229,632 | ---- | M] () -- C:\Programme\GMX\LiveUpdate\m2LUTray.exe PRC - [2009.08.05 11:56:32 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.10 11:22:54 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.07.26 14:53:49 | 004,003,328 | ---- | M] (mquadr.at software engineering und consulting GmbH) -- C:\Programme\aon\aonUpdate\aonUpdate.exe PRC - [2005.02.14 18:21:57 | 000,676,352 | ---- | M] (mquadr.at software engineering & consulting GmbH) -- C:\Programme\aon\aonMessageCenter\aonMessageCenter.exe PRC - [2003.08.19 17:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\lxbkbmon.exe PRC - [2003.08.19 16:51:44 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe PRC - [2002.07.12 17:33:12 | 001,581,056 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (SafeList) ========== MOD - [2010.09.07 11:15:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Angi\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.08.05 11:56:32 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 11:22:54 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2010.01.21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.12.30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.12.30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.12.30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.12.08 07:53:52 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.04 11:41:08 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2009.08.22 21:22:48 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009.06.10 11:22:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.02.13 11:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004.08.04 07:31:34 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2002.07.16 11:58:12 | 000,379,726 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2001.08.17 12:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Dienst für AC'97-Beispieltreiber (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=jDQKAXtOG4ckzRmQ1YutZw IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.aon.at:8080 ftp=proxy.aon.at:8080 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "GMX Suche" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/?kid=A1000032" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.2 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/suchbox/gmxsuche?su=" FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.06 18:08:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Programme\MyWebSearch\bar\1.bin File not found FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.26 18:35:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.24 19:45:20 | 000,000,000 | ---D | M] [2008.08.30 19:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Extensions [2010.09.05 16:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\extensions [2010.04.27 20:52:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.19 12:29:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.04.13 11:22:49 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2010.08.18 21:21:36 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.03.02 10:38:28 | 000,005,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\1und1-suche.xml [2010.03.02 10:38:25 | 000,001,371 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\amazonde.xml [2009.05.31 15:23:50 | 000,002,235 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\askcom.xml [2009.10.02 10:09:09 | 000,002,171 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\bing.xml [2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\conduit.xml [2010.03.02 10:38:25 | 000,010,605 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\gmx-suche.xml [2010.08.24 21:47:33 | 000,010,017 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\mywebsearch.xml [2010.04.14 13:24:08 | 000,001,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\preisvergleich.xml [2010.03.02 10:38:25 | 000,005,588 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Mozilla\Firefox\Profiles\9brgfr8g.default\searchplugins\webde-suche.xml [2010.09.05 16:47:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.02 10:36:53 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.03.02 10:36:53 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2010.07.24 15:51:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.24 15:51:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.24 15:51:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.24 15:51:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.24 15:51:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.) O2 - BHO: (Helper Class) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Programme\NavExcel Search Toolbar\NavExcelBar.dll File not found O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (NavExcel Toolbar) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Programme\NavExcel Search Toolbar\NavExcelBar.dll File not found O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (NavExcel Toolbar) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Programme\NavExcel Search Toolbar\NavExcelBar.dll File not found O4 - HKLM..\Run: [1aonmessagecenter] C:\Programme\aon\aonMessageCenter\aonMessageCenter.exe (mquadr.at software engineering & consulting GmbH) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [fssui] C:\Programme\Windows Live\Family Safety\fsui.exe (Microsoft Corporation) O4 - HKLM..\Run: [GMX Update] C:\Programme\GMX\LiveUpdate\m2LUTray.exe () O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Programme\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia) O4 - HKLM..\Run: [NvidMediaCenter] C:\Programme\Gemeinsame Dateien\System\wmsncs.exe File not found O4 - HKLM..\Run: [Spool Driver Service] C:\WINDOWS\System32\spool\drivers\wmsncs.exe File not found O4 - HKLM..\Run: [Wins Service] C:\WINDOWS\System32\wins\wmsncs.exe File not found O4 - HKLM..\Run: [Wmsncs Service] C:\WINDOWS\Fonts\wmsncs.exe File not found O4 - HKCU..\Run: [aonUpdate] C:\Programme\aon\aonUpdate\aonUpdate.exe (mquadr.at software engineering und consulting GmbH) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227334307116 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Angi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Angi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.25 22:29:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.07 11:15:34 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Angi\Desktop\OTL.exe [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.07 11:15:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Angi\Desktop\OTL.exe [2010.09.07 10:47:57 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\Angi\NTUSER.DAT [2010.09.07 10:28:45 | 000,000,428 | ---- | M] () -- C:\WINDOWS\lexstat.ini [2010.09.07 07:18:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.07 07:17:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.07 07:17:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.06 16:02:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.09.06 16:02:07 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.06 09:08:13 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Angi\Eigene Dateien\GUTSCHEIN für eine Grillerei in Gleinstätten 202.doc [2010.09.06 07:36:55 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.04 13:10:29 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Angi\ntuser.ini [2010.09.04 13:10:17 | 004,299,374 | -H-- | M] () -- C:\Dokumente und Einstellungen\Angi\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.09.01 17:14:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.12 08:40:53 | 000,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 08:14:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 08:12:30 | 001,026,446 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 08:12:30 | 000,458,640 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 08:12:30 | 000,442,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 08:12:30 | 000,084,520 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 08:12:30 | 000,071,688 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.06 09:00:00 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\Angi\Eigene Dateien\GUTSCHEIN für eine Grillerei in Gleinstätten 202.doc [2009.03.30 20:24:21 | 000,000,374 | ---- | C] () -- C:\WINDOWS\Uninstall Spielesammlung.ini [2009.03.04 20:20:26 | 000,000,196 | ---- | C] () -- C:\WINDOWS\QTW.INI [2009.02.19 18:21:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2009.02.19 18:19:30 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2009.01.01 18:14:25 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Angi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.15 09:37:05 | 000,000,428 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2007.12.15 09:36:43 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll [2007.12.15 09:36:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL [2007.12.15 09:36:16 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini [2007.12.11 22:02:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.11.19 19:33:04 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2007.10.02 14:26:28 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.09.25 22:51:46 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2001.08.18 14:00:00 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\png1gr20.dll [1999.01.22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.02.06 18:50:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2007.09.29 15:53:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup [2010.01.30 14:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at [2010.02.06 18:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.02.06 18:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic [2010.03.12 18:58:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2009.12.03 15:51:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.08.16 13:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screentime [2009.06.17 17:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010.01.30 14:28:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A27673AB-D29A-4AF7-9BBF-4B9F89C2A903} [2010.03.02 10:37:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B00EAAA7-F13E-4331-8129-65E59662AFA6} [2010.03.02 10:37:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B8D53BEA-6377-4E04-8901-F6960C01E454} [2010.01.30 14:20:20 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D692DF95-0D76-4FE0-9096-9B56DEAE4205} [2010.02.07 10:07:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Audacity [2007.09.25 22:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\CDZilla [2009.06.01 09:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Desktopicon [2009.01.01 18:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\InterVideo [2007.09.29 15:53:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\mquadr.at [2010.02.18 11:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Nokia [2010.02.06 18:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\PC Suite [2009.04.19 16:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Angi\Anwendungsdaten\Techno Design IP ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.09.2010 11:17:03 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Angi\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 240,00 Mb Available Physical Memory | 47,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): c:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 46,87 Gb Free Space | 62,90% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOBIAS Current User Name: Angi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- C:\PROGRA~1\MICROS~2\Office\FRONTPG.EXE (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "D:\STHIW\stInstall.exe" = D:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard -- File not found "C:\Programme\Telekom Austria\Breitband-Internet-Installation\mobile installer\aonFlex.exe" = C:\Programme\Telekom Austria\Breitband-Internet-Installation\mobile installer\aonFlex.exe:*:Enabled:aonFlex -- (mquadr.at software engineering und consulting GmbH, Web: www.mquadr.at) "C:\Programme\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe" = C:\Programme\Telekom Austria\Breitband-Internet-Installation\fixnet installer\Installer.exe:*:Enabled:Highspeed-Internet-Installation -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update "{19970A3D-BA63-47A9-9143-22827AE14BD4}" = aonController "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A5937EB-2FA7-4B72-B537-FF42E799F2C2}" = aonMessageCenter "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B715FDF2-C818-4B4A-ADAB-DD650BA3AEE8}" = aonModemkonfigurator "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "aonFTP" = aonFTP "aonMessageCenter" = aonMessageCenter "aonModemkonfigurator" = aonModemkonfigurator "aonUpdate" = aonUpdate "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition "FormatFactory" = FormatFactory 1.85 "GEKKO Mahjongg" = Gekko Mahjongg "GMX Update" = GMX Update "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Lexmark X1100 Series" = Lexmark X1100 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "Passage 3" = PASSAGE 3 "PCI Audio Driver" = PCI Audio Driver "QuicktimePluginDeinstallKey" = Quicktime Browser Plug-In "softonic-de3 Toolbar" = softonic-de3 Toolbar "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.06.2010 03:37:40 | Computer Name = TOBIAS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung nokiaovisuite.exe, Version 2.1.1.1, fehlgeschlagenes Modul qtcore4.dll, Version 4.5.0.0, Fehleradresse 0x000449d9. Error - 24.06.2010 03:54:32 | Computer Name = TOBIAS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung nokiaovisuite.exe, Version 2.1.1.1, fehlgeschlagenes Modul qtcore4.dll, Version 4.5.0.0, Fehleradresse 0x000449d9. Error - 24.06.2010 03:54:59 | Computer Name = TOBIAS | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich 1758890281. Error - 24.06.2010 14:07:35 | Computer Name = TOBIAS | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung nokiaovisuite.exe, Version 2.1.1.1, fehlgeschlagenes Modul qtcore4.dll, Version 4.5.0.0, Fehleradresse 0x000449d9. Error - 11.07.2010 02:38:59 | Computer Name = TOBIAS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 02:38:59 | Computer Name = TOBIAS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 02:48:45 | Computer Name = TOBIAS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 02:48:46 | Computer Name = TOBIAS | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.07.2010 15:21:26 | Computer Name = TOBIAS | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17055, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 06.09.2010 10:01:10 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:14 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:19 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:23 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:28 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:32 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:35 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:37 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:38 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 06.09.2010 10:01:39 | Computer Name = TOBIAS | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. < End of report > GMERGMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-07 13:00:29
Windows 5.1.2600 Service Pack 3
Running: gsll6y6e.exe; Driver: C:\DOKUME~1\Angi\LOKALE~1\Temp\uwtdipod.sys
---- System - GMER 1.0.15 ----
SSDT F8B6052E ZwCreateKey
SSDT F8B60524 ZwCreateThread
SSDT F8B60533 ZwDeleteKey
SSDT F8B6053D ZwDeleteValueKey
SSDT F8B60542 ZwLoadKey
SSDT F8B60510 ZwOpenProcess
SSDT F8B60515 ZwOpenThread
SSDT F8B6054C ZwReplaceKey
SSDT F8B60547 ZwRestoreKey
SSDT F8B60538 ZwSetValueKey
SSDT F8B6051F ZwTerminateProcess
Code \??\C:\WINDOWS\system32\drivers\hid3culq.sys (Button Miniport Driver for Input Devices/Bluw (Hong Kong) Limited) ZwResumeThread [0xF7BDA234]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4115F4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!DialogBoxIndirectParamW 7E382072 1 Byte [E9]
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 412D2076 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 412D1FF7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 412D203B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 412D1F83 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 412D1FBD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 412D20B1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41181772 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 412D2273 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 46CB3704 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 46CB41DF C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] WS2_32.dll!socket 71A14211 5 Bytes JMP 46CB354C C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] WS2_32.dll!connect 71A14A07 5 Bytes JMP 46CB35DC C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] WS2_32.dll!send 71A14C27 5 Bytes JMP 46CB3B92 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5352] WS2_32.dll!recv 71A1676F 5 Bytes JMP 46CB4549 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
DANKE SCHONMAL IM VORAUS!!!!!!!!!!!!!!!!!!!!! |
| Themen zu TR/Trash.Gen besiegt? |
| 0x00000001, acroiehelper.dll, adobe, antivir, ask.com, avgntflt.sys, avira, bho, bonjour, components, conduit, einstellungen, error, explorer, firefox, firefox addon, firefox.exe, flash player, format, ftp, home, ieframe.dll, iexplore.exe, install.exe, location, logfile, mozilla, object, oldtimer, otl logfile, pdf, photoshop, plug-in, registry, rundll, saver, searchplugins, security, security scan, shell32.dll, software, trojaner, udp, web.de, windows internet, windows internet explorer |
Baum-Darstellung