|
Log-Analyse und Auswertung: HiJackThis Log nach Besuch verdächtiger WebsiteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.09.2010, 13:43 | #1 |
| HiJackThis Log nach Besuch verdächtiger Website Hallo, aus einem mir unerfindlichem Grund hat sich in einem Tab eine laut WOT verseuchte Seite bei mir geöffnet während ich kurz afk gewesen und das Java Icon hat scheinbar irgendwas geladen, als ich mir das genauer anschauen wollte, verschwand das Java Icon wieder, ich selbst habe kein Applet signiert. Da mir das ganze merkwürdig vorkommt, würde ich gerne darum bitten, dass man sich mein HJT Log anschaut, einen Scan mit "Spybot S&D" habe ich auch schon durchgeführt, es hat angeblich keine Probleme gefunden, aber ich hätte hier gerne noch eine Meinung zu dem HJT Log. Antivir hat bisher einen "JAVA/Agent.M1" gefunden. Danke. Mein OS: Vista, SP2 Mein Browser: Opera, 10.62 Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:35:20, on 12.09.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\AsScrPro.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Opera\Opera.exe D:\Programme\mIRC\mirc.exe D:\Programme\MirandaFusion\miranda32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Windows\system32\conime.exe C:\program files\avira\antivir desktop\avcenter.exe C:\Users\****\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - d:\Programme\Tobit Clipinc\Server\ClipInc-Server.exe O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\DSL-Manager\DslMgrSvc.exe -- End of file - 9877 bytes |
12.09.2010, 14:09 | #2 |
/// Malwareteam | HiJackThis Log nach Besuch verdächtiger WebsiteEine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 AntiVir - Funde rauskopieren Rechtsklick auf den AntiVir-Schirm in der Taskleiste => AntiVir starten => Übersicht => Ereignisse Typ anklicken, damit die Ereignisse nach Typart sortiert werden. Jeden Fund markieren (nicht alle Ereignisse, nur Funde) => Rechtsklick auf Funde => Ereignis(se) exportieren und als Ereignisse.txt auf dem Desktop speichern und den Inhalt hier posten. Schritt 2 Mache bitte einen Fullscan mit Malwarebytes Anti-Malware. Schritt 3 Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
|
12.09.2010, 19:41 | #3 |
| HiJackThis Log nach Besuch verdächtiger Website Hallo Swisstreasure,
__________________ich habe AntiVir bereits während ich mein Problem gepostet habe, mit nicht Administratorberechtigungen gestartet und es hatte auch "JAVA/Agent.M1" gefunden. Jetzt habe ich nochmals einen Suchlauf mit Administratorberechtigungen gestartet und bei diesem Suchlauf habe ich nichts mehr gefunden, jedoch finde ich keinen Bericht zu dem oben genannten Ereignis, also keinen Fund an der von dir gewünschten Stelle, weder sonst noch wo. Desweiteren habe ich dir nun die anderen gewünschten Logs erstellt: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4601 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 12.09.2010 20:09:02 mbam-log-2010-09-12 (20-09-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 321895 Laufzeit: 1 Stunde(n), 50 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\Visions\updater.exe (Trojan.Dropper.PGen) -> No action taken. C:\Program Files\Visions\visexe.exe (Trojan.Dropper.PGen) -> No action taken. C:\Program Files\Visions\Visions.exe (Trojan.Dropper.PGen) -> No action taken. OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 12.09.2010 20:15:19 - Run 3 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 172,47 Gb Free Space | 74,06% Space Free | Partition Type: NTFS Drive D: | 223,12 Gb Total Space | 187,00 Gb Free Space | 83,81% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Opera\opera.exe (Opera Software) PRC - D:\Programme\MirandaFusion\miranda32.exe ( ) PRC - D:\Programme\mIRC\mirc.exe (mIRC Co. Ltd.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - d:\Programme\Tobit Clipinc\Server\ClipInc-Server.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS) PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe (Cognizance Corporation) PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (ClipInc001) -- d:\Programme\Tobit Clipinc\Server\ClipInc-Server.exe () SRV - (GoogleDesktopManager-092308-165331) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (TDslMgrService) -- C:\Program Files\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe () SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation) SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll (Cognizance Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\Windows\System32\drivers\usbio.sys (Thesycon GmbH, Germany) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.3 FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}:0.7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.backup.ftp: "68.184.251.222" FF - prefs.js..network.proxy.backup.ftp_port: 18275 FF - prefs.js..network.proxy.backup.gopher: "68.184.251.222" FF - prefs.js..network.proxy.backup.gopher_port: 18275 FF - prefs.js..network.proxy.backup.socks: "68.184.251.222" FF - prefs.js..network.proxy.backup.socks_port: 18275 FF - prefs.js..network.proxy.backup.ssl: "68.184.251.222" FF - prefs.js..network.proxy.backup.ssl_port: 18275 FF - prefs.js..network.proxy.ftp: "76.107.244.125" FF - prefs.js..network.proxy.ftp_port: 3246 FF - prefs.js..network.proxy.gopher: "76.107.244.125" FF - prefs.js..network.proxy.gopher_port: 3246 FF - prefs.js..network.proxy.http: "76.107.244.125" FF - prefs.js..network.proxy.http_port: 3246 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "76.107.244.125" FF - prefs.js..network.proxy.socks_port: 3246 FF - prefs.js..network.proxy.ssl: "76.107.244.125" FF - prefs.js..network.proxy.ssl_port: 3246 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.10 14:20:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.10 14:20:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.18 13:58:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.01.13 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.13 13:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.12 12:50:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions [2010.07.30 21:56:29 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010.04.28 22:42:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.30 18:44:19 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} [2010.01.23 00:44:15 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.04.15 18:58:17 | 000,000,000 | ---D | M] (Show MyIP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC} [2010.03.31 13:46:14 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.07.13 19:01:32 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2010.07.28 11:17:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.18 22:38:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.07 11:39:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\firebug@software.joehewitt.com [2010.07.11 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2df94qt8.default\extensions\foxyproxy@eric.h.jung [2010.02.08 17:35:36 | 000,002,254 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2df94qt8.default\searchplugins\askcom.xml [2010.09.05 19:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.09.05 19:08:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.26 17:06:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.26 17:06:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.26 17:06:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.26 17:06:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.26 17:06:39 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.) O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.12 18:27:07 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.09.12 15:18:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.09.12 15:17:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.12 15:17:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.12 15:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.12 15:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.12 15:12:55 | 000,000,000 | ---D | C] -- C:\Users\***\Privates [2010.09.05 19:37:35 | 000,000,000 | ---D | C] -- C:\Users\***\Autoruns [2010.09.05 19:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.09.05 19:08:40 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.09.05 19:08:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.09.05 19:08:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.09.05 19:08:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.09.03 12:02:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\T-Online [2010.09.02 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\***\Ablage [2010.08.30 13:34:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Miranda Fusion [2010.08.29 11:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.08.29 11:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010.08.29 00:47:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sunbelt Software [2010.08.29 00:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.08.29 00:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010.08.28 19:45:36 | 000,000,000 | ---D | C] -- C:\Users\***\Konflikte [2010.08.23 00:19:14 | 000,000,000 | ---D | C] -- C:\Users\***\Space Jam [2008.06.03 23:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2007.07.04 11:28:51 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2010.09.12 20:15:47 | 003,932,160 | -HS- | M] () -- C:\Users\***\ntuser.dat [2010.09.12 18:51:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.12 18:51:31 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.12 13:45:20 | 000,028,314 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.12 13:44:52 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.09.12 10:52:06 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010.09.12 10:51:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.12 10:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.12 10:51:03 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys [2010.09.12 01:25:33 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.12 01:25:33 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.12 01:25:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.12 01:25:09 | 004,374,831 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.09.11 21:20:02 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{031EEAF1-31AB-4307-BBCF-7F031A3F70C6}.job [2010.09.10 14:15:49 | 001,629,428 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.10 14:15:49 | 000,693,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.10 14:15:49 | 000,660,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.10 14:15:49 | 000,152,316 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.10 14:15:49 | 000,129,540 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.10 11:57:25 | 000,375,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.09 20:57:29 | 000,102,856 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.09 19:14:12 | 000,148,824 | ---- | M] () -- C:\Users\***\DNFont.zip [2010.09.09 13:40:01 | 000,000,648 | ---- | M] () -- C:\Users\***\Desktop\@externe Speicher.lnk [2010.09.07 20:20:44 | 000,030,903 | ---- | M] () -- C:\Users\***\skript.pdf [2010.09.07 19:29:24 | 000,007,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.09.07 00:22:50 | 000,028,314 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.06 19:59:59 | 000,000,592 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job [2010.09.04 15:41:15 | 000,029,696 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.04 14:11:33 | 000,001,112 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2010.09.03 23:02:05 | 000,006,848 | ---- | M] () -- C:\Users\***\derava Kopie.png [2010.09.03 23:01:59 | 000,005,919 | ---- | M] () -- C:\Users\***\derava 9090 Kopie.png [2010.08.21 21:19:19 | 000,897,338 | ---- | M] () -- C:\Users\***\physway.png [2010.08.18 23:06:17 | 000,104,960 | ---- | M] () -- C:\Users\***\Documents\privatevisitenkarte.pub [2010.08.14 15:42:48 | 000,148,942 | ---- | M] () -- C:\Users\***\Documents\2010_08rechnung_4737333765.pdf ========== Files Created - No Company Name ========== [2010.09.09 19:14:12 | 000,148,824 | ---- | C] () -- C:\Users\***\DNFont.zip [2010.09.09 13:40:01 | 000,000,648 | ---- | C] () -- C:\Users\***\Desktop\@externe Speicher.lnk [2010.09.07 20:20:44 | 000,030,903 | ---- | C] () -- C:\Users\***\ü_la.pdf [2010.09.06 00:22:01 | 000,002,640 | ---- | C] () -- C:\Users\***\log.txt [2010.09.03 23:14:31 | 000,006,848 | ---- | C] () -- C:\Users\***\derava Kopie.png [2010.09.03 23:14:31 | 000,005,919 | ---- | C] () -- C:\Users\***\derava 9090 Kopie.png [2010.08.22 17:18:09 | 000,000,236 | ---- | C] () -- C:\Users\***\celebi.pkm [2010.08.21 21:19:19 | 000,897,338 | ---- | C] () -- C:\Users\***\physway.png [2010.08.18 23:06:16 | 000,104,960 | ---- | C] () -- C:\Users\***\Documents\privatevisitenkarte.pub [2010.08.14 15:42:48 | 000,148,942 | ---- | C] () -- C:\Users\***\Documents\2010_08rechnung_4737333765.pdf [2010.07.04 15:39:52 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.07.04 15:39:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.06.16 22:04:05 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.06.16 20:51:25 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.12.14 16:03:34 | 000,130,839 | ---- | C] () -- C:\Users\***\AppData\Local\debuggee.mdmp [2009.09.12 11:54:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.13 21:53:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.06.23 12:10:02 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.06.22 21:47:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.05.28 18:36:17 | 000,007,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.05.27 16:34:22 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.05.19 12:12:13 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS74.DLL [2009.05.09 16:15:47 | 000,029,696 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.08 22:25:43 | 000,028,314 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.08 22:25:29 | 000,028,314 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.05.08 21:34:52 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2008.07.30 02:33:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll [2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.05.13 08:35:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.06.12 19:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico [2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.05.19 05:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.12.07 13:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2005.04.03 16:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll [2001.11.14 22:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1998.05.06 21:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll ========== LOP Check ========== [2009.05.09 19:14:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kanes Rache [2009.05.09 18:34:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.06.16 22:11:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2009.06.13 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media [2010.08.25 20:58:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2009.09.09 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2010.01.16 21:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2009.12.14 15:11:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.08.23 10:32:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.05.18 22:59:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kikin [2010.03.08 19:52:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KVIrc [2010.03.08 19:26:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KVIrc4 [2009.10.20 13:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2010.08.30 13:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda Fusion [2010.08.26 17:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nettalk [2010.01.29 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2010.05.24 23:23:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Multimedia Player [2010.06.27 18:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NoNameScript [2009.08.09 11:32:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.01.29 18:49:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2009.08.02 16:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP [2010.03.06 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod [2009.11.29 00:37:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos [2010.09.03 12:02:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2010.01.13 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2009.05.27 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2010.04.01 22:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian [2010.03.07 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2010.08.19 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\X-Chat 2 [2010.09.12 01:25:23 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.11 21:20:02 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{031EEAF1-31AB-4307-BBCF-7F031A3F70C6}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:10D36836AFE4C4D3 < End of report > Extras: Code:
ATTFilter OTL Extras logfile created on: 12.09.2010 20:15:19 - Run 3 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 172,47 Gb Free Space | 74,06% Space Free | Partition Type: NTFS Drive D: | 223,12 Gb Total Space | 187,00 Gb Free Space | 83,81% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EC3D3D6C-925E-48DD-A02C-1311A3CF90F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07433856-C3FB-4653-9570-EB7BCCF5A7B5}" = dir=in | app=c:\program files\asus\ai touchmedia\ai touchmedia\kernel\dmp\clbrowserengine.exe | "{08CE8914-AAC2-4DEF-B16B-3D56B7ED7BBC}" = protocol=6 | dir=in | app=d:\programme\itunes\itunes.exe | "{0BD74713-FCAA-499B-8028-BF8117AAC2E9}" = protocol=17 | dir=in | app=d:\spiele\sum ii - aufstieg des hexenkönigs\game.dat | "{19C3E3AC-5AA3-4C84-9EC2-18801A07FA95}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{1A8DCB2A-FD8E-4C96-9A27-9A6B36AA8D96}" = protocol=6 | dir=in | app=d:\programme\mirandafusion\miranda32.exe | "{1F204515-C89F-44AE-A781-BC75D578E546}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{248C9F81-7F74-4ADE-B05E-F7CC917E4627}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{27A359E4-8753-44C8-B3DF-455EBFE0AC6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A4BA05F-81A4-453F-A22C-15C9C655BCF0}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zsd96e.tmp\symnrt.exe | "{30C87C3D-0544-4767-ABA5-78F7039806CA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{311D4CE4-3689-48A1-922B-2D4D2FA06D0C}" = dir=in | app=c:\program files\asus\ai touchmedia\ai touchmedia\kernel\dms\clmsservice.exe | "{362B29E0-0A58-4057-9488-B55536362BD6}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zsd96e.tmp\symnrt.exe | "{41E9715B-9C14-4DFA-BF73-F93EF6FF2B66}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{4652FAD2-ED16-46CE-BD42-65C854B5CD54}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{46A9B409-86A7-41DB-BECF-53B60EF884FF}" = protocol=6 | dir=in | app=d:\spiele\die schlacht um mittelerde ii\game.dat | "{5785FE6E-AA3B-4399-91AE-15C6E8D7F354}" = protocol=17 | dir=in | app=d:\programme\itunes\itunes.exe | "{729D9563-89AD-4D03-A1C6-0496F2AF987E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{74578E79-BC2F-45CB-BAA1-1A644A2A2880}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{794FB43F-9BD8-4A5D-99F5-F4B647A6A1CB}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{7B163C5C-6542-48B3-B108-AA7D68D9EFF7}" = protocol=6 | dir=in | app=d:\spiele\ut3\binaries\ut3.exe | "{7E80CF72-0C25-4038-BDE2-EA0E8730B9CB}" = protocol=17 | dir=in | app=d:\spiele\die schlacht um mittelerde ii\game.dat | "{962827DB-1DB9-490E-AA56-27A0C4DAFBB7}" = dir=in | app=c:\program files\asus\ai touchmedia\ai touchmedia\powercinema.exe | "{99411CB4-C83C-46FA-8520-7780F237519D}" = protocol=6 | dir=in | app=d:\spiele\sum ii - aufstieg des hexenkönigs\game.dat | "{9CD5EEF3-9DB0-4124-A18F-FBE0EBA7D659}" = dir=in | app=c:\program files\asus\ai touchmedia\playmovie\playmovie.exe | "{9FAE6E04-31CC-41D4-9E21-DA71128DF2AC}" = protocol=17 | dir=in | app=d:\spiele\ut3\binaries\ut3.exe | "{ABB9B353-F944-4DCE-88D8-04D9442ABA90}" = dir=in | app=c:\program files\asus\ai touchmedia\ai touchmedia\pcmservice.exe | "{B0FF2517-3CA1-4768-85FA-98C2BC289097}" = dir=in | app=c:\program files\asus\ai touchmedia\playmovie\pmvservice.exe | "{C3C81AC9-07CE-40F5-88E4-E4D7772C2A64}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{CC230242-CC93-4E81-BD0C-E180526AF9C3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{CF5DF6B2-281E-4205-BD98-374F561923B8}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D42BD9FD-B269-4E13-A211-FB1EC0A6994A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D51A8B39-7337-49B2-B952-EBFA20B5BAF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E263DC1E-37AF-486F-A6A4-D90455D4B25D}" = protocol=17 | dir=in | app=d:\programme\mirandafusion\miranda32.exe | "{E5E56470-E4AC-4A30-8D4C-01F775C3AC7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E6945E96-56EB-41C7-9A23-E60CCE322513}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{03676209-AF0E-4B85-A597-47C8A0747D19}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe | "TCP Query User{4FEE8082-AAE3-4874-AB71-F6DC664818DC}D:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\programme\mirc\mirc.exe | "TCP Query User{55169CB3-511B-4364-BF3F-CA0B89084461}C:\program files\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files\x-chat 2\xchat.exe | "TCP Query User{58C9F97D-CC3F-49BC-A4A6-778D68103CB9}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{6E7FFBEE-F3F4-42B9-99E0-DC3881F81BCE}D:\programme\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=d:\programme\mirandafusion\miranda32.exe | "TCP Query User{8E1A8B12-0C95-4532-AAA3-0F0A37D0A603}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{BB58C0AE-FEB5-4809-8DDA-D90882412F36}C:\program files\kvirc\kvirc.exe" = protocol=6 | dir=in | app=c:\program files\kvirc\kvirc.exe | "UDP Query User{07276238-05C7-4E2B-B7FF-A54F6721FBDC}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe | "UDP Query User{32B84A87-F110-4AAD-8E52-CC3C1E3497FF}D:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\mirc\mirc.exe | "UDP Query User{424A9B82-5A75-4BE4-8651-BC0E23333951}C:\program files\kvirc\kvirc.exe" = protocol=17 | dir=in | app=c:\program files\kvirc\kvirc.exe | "UDP Query User{5A25C972-E4FE-4803-9246-9B49B5E4657D}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "UDP Query User{9B43710E-E91B-4775-8085-EA8DA36BE1A4}C:\program files\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files\x-chat 2\xchat.exe | "UDP Query User{C8DE2DB2-954C-446E-B9A1-B0D470C51C2E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{CA915476-53A7-4DC6-B6FF-C13998E73F88}D:\programme\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=d:\programme\mirandafusion\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution "{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology "{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = AI TouchMedia "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21 "{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5 "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser "{514DF7BB-D192-417C-BB60-58BF1FD34253}" = S500/S600 USB Driver "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0048-0407-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-Bit "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver "{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9 "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B6E9A977-C2C7-4CA0-0001-98605B7C7D3E}" = MyTube Recorder "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F9FDACA5-CD20-4841-B034-A1F25969C75A}" = MyTeammanager with Launch Panel "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1) "Action Replay Code Manager_is1" = Action Replay Code Manager "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Camtasia Studio 3" = Camtasia Studio 3 "CANONBJ_Deinstall_CNMCP74.DLL" = Canon iP2200 "Diablo II" = Diablo II "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.2.7.1 "foobar2000" = foobar2000 v0.9.6.8 "Google Desktop" = Google Desktop "Guild Wars" = GUILD WARS "GuildWars Visions_is1" = GuildWars Visions v1.08 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = AI TouchMedia "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "IsoBuster_is1" = IsoBuster 2.8 "kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11 "KVIrc" = KVIrc "LogMeIn Hamachi" = LogMeIn Hamachi "M50_screensaver" = M50_screensaver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU "MirandaFusion" = Miranda Fusion 3.0.1 "mIRC" = mIRC "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9) "Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5) "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Professional 2010 "paw·ned²" = paw·ned² v1.3 "Picasa2" = Picasa 2 "PokerStars.net" = PokerStars.net "Sims2Pack Clean Installer " = Sims2Pack Clean Installer "Steam App 220" = Half-Life 2 "Steam App 400" = Portal "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "Tobit ClipInc Server" = Tobit.Software clipinc.fx "Trillian" = Trillian "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.7 "WinRAR archiver" = WinRAR "X-Chat 2_is1" = X-Chat 2.8.6-2 "Xfire" = Xfire (remove only) "YDKJG3" = YOU DON'T KNOW JACK® 3 - Abwärts! ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "MiKTeX 2.8" = MiKTeX 2.8 "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
12.09.2010, 21:25 | #4 |
/// Malwareteam | HiJackThis Log nach Besuch verdächtiger Website Schritt 1 Was jetzt nötig ist, sind Online-Scans, da wir immer nur einen kleinen Teil des Rechners prüfen können. Mit Online-Scans kann man den kompletten Rechner auf Schädlinge prüfen lassen. Nimm am besten gleich den Internet Explorer. Vorbereitung
ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt 2 Hast Du noch meldungen? |
13.09.2010, 00:49 | #5 |
| HiJackThis Log nach Besuch verdächtiger Website ESET Log: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=12c421307d5be849b136b7b005ba4dcc # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-09-12 11:45:59 # local_time=2010-09-13 01:45:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 799282 43417302 27757 0 # compatibility_mode=5892 16776573 100 100 211103 121856937 0 0 # compatibility_mode=8192 67108863 100 0 403 403 0 0 # scanned=190317 # found=1 # cleaned=0 # scan_time=10951 C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I |
13.09.2010, 18:53 | #6 |
/// Malwareteam | HiJackThis Log nach Besuch verdächtiger Website Schritt 1 Wende CCleaner an (Punkte 1 + 2) . Schritt 2 Programme updaten Du verwendest zum Teil veraltete Software, die Sicherheitslücken auf deinem System bildet, durch die Malware eindringen kann. Alle Software, die du auf deinem Rechner hast, muss regelmäßig geupdatet werden, auch dann, wenn du sie nicht verwendest. Eine einfache Möglichkeit, diese Software Updates zu überwachen, bietet der Secunia Inspektor. |
13.09.2010, 19:22 | #7 |
| HiJackThis Log nach Besuch verdächtiger Website Hi Swisstreasure, danke für deine bisherige Unterstützung. Ich habe jetzt Schritt 1 durchgeführt, soll ich danach mit Schritt 2 fortfahren und die Software updaten? Oder soll ich diesen Schritt eher später durchführen? Du hast ja zu anfang geschrieben, dass ich während der Bereinigung keine Software installieren oder deinstallieren solle. |
13.09.2010, 20:08 | #8 |
/// Malwareteam | HiJackThis Log nach Besuch verdächtiger Website Ausser wenn ich es sage Ja mache Schritt 2. |
13.09.2010, 22:39 | #9 |
| HiJackThis Log nach Besuch verdächtiger Website Ok, ich habe Schritt 2 ausgeführt und die gefundenen Programme aktualisiert. |
15.09.2010, 17:51 | #10 |
/// Malwareteam | HiJackThis Log nach Besuch verdächtiger Website Nachsorge Um Dein System vor Malware zu schützen, gebe ich Dir im Anschluss eine Kurzversion mit Tipps und Hinweisen auf Tools, die Dir helfen werden, Dein System abzusichern und in Zukunft frei von Infektionen zu halten. Wenn Dein System infiziert war, rate ich Dir, Deine Passwörter zu ändern. Bitte betrachte die Tipps als Vorschläge und nicht als Nonplusultra . Erstelle einen neuen Systemwiederherstellungspunkt Das ist ein guter Zeitpunkt, die Systemwiederherstellung zu leeren und einen neuen sauberen Wiederherstellungspunkt zu erstellen (Anleitung für Vista-User).
Diesen Punkt kannst Du weglassen, falls Du das System gerade neu aufgesetzt hast oder Combofix benutzt und ordentlich deinstalliert wurde, da Combofix das schon erledigt. Weitere Maßnahmen Falls bei Dir noch nicht installiert, solltest Du Dir die folgenden Programme installieren. Spybot Search&Destroy ist ein gutes Tool, welches bösartige Software sucht und unschädlich macht. Bei der Installation darauf achten, dass der TeaTimer nicht aktiviert wird. Lasse das Tool in regelmäßige Abständen (z. B. einmal pro Woche) laufen und lasse vor der Überprüfung immer nach Updates suchen, Details siehe ausführliche Anleitung. Um Dein System frei von temporären Dateien zu halten, empfehle ich CCleaner, (Toolbar nicht mitinstallieren) eine Freeware-Software zur Optimierung und zum Aufräumen von Windows, Einzelheiten siehe unsere Anleitung. Bei http://www.trojaner-board.de/105213-java-update-einstellungen.html]Java (Sun)[/URL] immer nur die aktuellste Version auf dem Rechner haben, alle anderen deinstallieren. Verwende einen alternativen Browser, ich empfehle Firefox. Es gibt eine große Anzahl von Erweiterungen, wie z. B. Adblock Plus und NoScript. Mit der Erweiterung IE Tab ist sogar das Windows- und Office-Upate über Firefox möglich. Die Erweiterung QuickJava sorgt dafür, dass Du Java und Java-Skript nur bei Bedarf einschalten kannst. Eine alternatives E-Mail-Programm ist Thunderbird. Auch dafür gibt es viele sehr gute Erweiterungen. Als Alternative für die ganzen Messenger kommen Miranda-IM oder Trillian infrage. Miranda ist ein malwarefreier OpenSource Instant-Messenger, der mit Protokollen von AOL, ICQ, IRC, MSN und Yahoo zusammen arbeitet. Mit dem ebenfalls malwarefreien Trillian kannst du mit Nutzern von ICQ, AIM, Yahoo Messenger, MSN und IRC chatten. "Wie konnte die Malware auf meinen Rechner kommen?", ist die wohl am häufigsten gestellte Frage. Malware gelangt in erster Linie über sogenannte Browser Exploits auf einen Rechner, also über Sicherheitslücken im Browser selbst. Weitere Schleusen sind E-Mail-Anhänge, Lecks im Betriebssystem oder Dateidownloads aus unsicheren Quellen. Durch Einsatz Deines Köpfchens und folgende simple Maßnahmen kannst Du den Schutz optimieren:
|
15.09.2010, 21:18 | #11 |
| HiJackThis Log nach Besuch verdächtiger Website Hi Swisstreasure, danke für deine Bemühungen und deine Ratschläge Werde das auch beachten und jetzt mal vor allem ein bisschen aufräumen, da ich doch gemerkt habe, dass ich einiges an Ballast mit mir rumschleppe - muss ja nicht sein. Danke |
Themen zu HiJackThis Log nach Besuch verdächtiger Website |
agere systems, antivir, antivir guard, avg, avira, bho, browser, defender, desktop, excel, firefox, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, java/agent.m, logfile, mozilla, plug-in, rundll, saver, scan, security, senden, server, software, system, vista, windows |