| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus stört Firefox und alle Antivirus Progs.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.09.2010, 00:18
| #1 |
| |  Virus stört Firefox und alle Antivirus Progs. Irgendein "Plagegeist" hat sich auf meinem Lap Top eingenistet. Seit dem fuktionieren nur mehr wenige Websiten mit Firefox, kein E-mail Abruf und sämtliche Software die ich gegen Viren hab stürtzt ab sobald es den Ordner recycle.Bin scant! Zur Info: Hab WIn Vista laufen. Vieleicht kennt Ihr ja ein Programm was ich laufen lassen könnt: (AntiVir, Adware,Malwarebytes, stürzen sofort ab) Ich möchte mich schon im Voraus bei all jenen Bedanken die sich über mein Problem Gedanken machen! |
|
13.09.2010, 13:06
| #2 |
| /// Malware-holic   | Virus stört Firefox und alle Antivirus Progs. ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide. |
|
13.09.2010, 21:52
| #3 |
| | Virus stört Firefox und alle Antivirus Progs. OTL.TXT:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 13.09.2010 22:35:34 - Run 2 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Jimmy\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 433,53 Gb Total Space | 361,81 Gb Free Space | 83,46% Space Free | Partition Type: NTFS Drive D: | 32,22 Gb Total Space | 17,55 Gb Free Space | 54,48% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 3,73 Gb Total Space | 0,64 Gb Free Space | 17,11% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JIMMY-PC Current User Name: Jimmy Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Jimmy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Windows\System32\Rezip.exe () PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - G:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Connection Manager\sysctrl.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Modules (SafeList) ========== MOD - C:\Users\Jimmy\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (STacSV) -- c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (WPN111) -- C:\Windows\System32\DRIVERS\WPN111v.sys File not found DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA) DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/ [binary data] IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.18 FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={B264E225-5D95-4611-67ED-51BC5777389A}&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.13 00:43:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.13 00:43:25 | 000,000,000 | ---D | M] [2009.09.17 12:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Extensions [2010.09.13 21:36:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\m0chm78r.default\extensions [2010.04.04 17:03:33 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\m0chm78r.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009.09.17 17:21:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\m0chm78r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.13 22:27:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.25 06:21:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.25 06:21:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.25 06:21:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.25 06:21:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.25 06:21:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.07 23:33:42 | 000,002,657 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 30 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000..\Run: [SpybotSD TeaTimer] G:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4163552127-872894075-1681724628-1000..\Run: [Z810SysStart] C:\Programme\Connection Manager\sysctrl.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ] O33 - MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\Shell - "" = AutoRun O33 - MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\Shell\AutoRun\command - "" = I:\Startme.exe -- File not found O33 - MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\Shell - "" = AutoRun O33 - MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\Shell - "" = AutoRun O33 - MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O33 - MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\Shell - "" = AutoRun O33 - MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe () MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: MDS_Menu - hkey= - key= - C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe (CyberLink Corp.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: snp2uvc - hkey= - key= - C:\Windows\vsnp2uvc.exe File not found MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: tsnp2uvc - hkey= - key= - C:\Windows\tsnp2uvc.exe () MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: Z810PNP - hkey= - key= - C:\Programme\Connection Manager\SamsungPnPServiceManager.exe () MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2010.09.13 21:43:19 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.09.13 21:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.09.12 21:35:36 | 001,913,032 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jimmy\Desktop\HousecallLauncher.exe [2010.09.12 21:12:59 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2010.09.12 20:58:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.12 20:58:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.12 20:58:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.12 20:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.12 20:52:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.09.12 17:01:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.12 17:01:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.09.12 17:00:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF} [2010.09.12 16:59:52 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.09.12 16:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.08.22 15:05:48 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader [2009.07.23 04:36:52 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2009.07.23 04:36:51 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2010.09.13 22:35:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0E42B1F-2849-4B8D-A516-D66190011D5C}.job [2010.09.13 22:34:25 | 002,621,440 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT [2010.09.13 22:16:49 | 000,079,117 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.13 22:16:49 | 000,079,117 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.13 22:16:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.13 22:16:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.13 22:16:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.13 22:16:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.13 22:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.13 22:16:17 | 3184,390,144 | -HS- | M] () -- C:\hiberfil.sys [2010.09.13 22:15:38 | 000,524,288 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.13 22:15:38 | 000,065,536 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.13 22:04:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.13 21:58:52 | 000,000,625 | ---- | M] () -- C:\Users\Jimmy\Desktop\Spybot - Search & Destroy.lnk [2010.09.13 19:12:37 | 000,020,664 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat [2010.09.13 18:39:38 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.13 18:39:38 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.13 18:39:38 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.13 18:39:38 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.13 18:39:38 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.13 16:41:26 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5343E896-89C9-43C4-B38B-73BEB8CD58C2}.job [2010.09.13 00:40:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.09.12 23:12:03 | 002,008,924 | -H-- | M] () -- C:\Users\Jimmy\AppData\Local\IconCache.db [2010.09.12 21:35:44 | 000,000,036 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache [2010.09.12 21:32:56 | 001,913,032 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jimmy\Desktop\HousecallLauncher.exe [2010.09.12 21:06:04 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2010.09.12 21:01:33 | 314,891,564 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.09.12 20:58:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.12 17:00:16 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.09.10 13:06:14 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.09.08 14:59:42 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.09.05 18:55:25 | 000,049,152 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.05 18:11:58 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.08.22 15:05:57 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2010.08.21 15:11:16 | 000,363,520 | ---- | M] () -- C:\Users\Jimmy\Desktop\herbert.exe ========== Files Created - No Company Name ========== [2010.09.13 22:16:17 | 3184,390,144 | -HS- | C] () -- C:\hiberfil.sys [2010.09.13 21:43:23 | 000,000,625 | ---- | C] () -- C:\Users\Jimmy\Desktop\Spybot - Search & Destroy.lnk [2010.09.12 21:35:44 | 000,000,036 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache [2010.09.12 20:58:40 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.12 20:38:09 | 000,363,520 | ---- | C] () -- C:\Users\Jimmy\Desktop\herbert.exe [2010.09.12 17:00:16 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.08.22 15:05:57 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2009.12.24 12:52:53 | 000,000,680 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\d3d9caps.dat [2009.12.06 17:27:42 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.12.06 17:27:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.12.06 17:27:37 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.06 17:27:37 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.12.06 17:27:36 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009.12.06 17:27:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.12.06 17:27:33 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.09.29 20:16:00 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.09.29 20:16:00 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\253D7348A0.sys [2009.09.23 19:36:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.22 23:48:19 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.09.19 16:29:42 | 000,049,152 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.18 14:09:02 | 000,020,664 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\wklnhst.dat [2009.09.17 22:44:20 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.28 08:50:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll [2009.07.23 04:36:52 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.07.23 04:36:52 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.07.23 04:36:51 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.07.22 13:34:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.22 11:09:36 | 000,079,117 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.07.22 11:09:29 | 000,079,117 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.16 16:21:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\RagTimeSearch.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009.09.17 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\BullGuard [2010.04.08 20:25:42 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Template [2010.04.08 20:16:34 | 000,000,000 | ---D | M] -- C:\Users\Eva\AppData\Roaming\Windows Live Writer [2010.02.08 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileZilla [2009.12.03 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\RagTime [2009.09.18 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Template [2010.09.13 00:40:09 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.13 16:41:26 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5343E896-89C9-43C4-B38B-73BEB8CD58C2}.job [2010.09.13 22:35:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E0E42B1F-2849-4B8D-A516-D66190011D5C}.job ========== Purity Check ========== ========== Custom Scans ========== < etsvcs > < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.04.03 21:57:15 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Adobe [2010.06.04 10:29:41 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Corel [2010.06.04 10:33:55 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\CorelHomeOffice [2009.09.17 23:24:14 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\CyberLink [2010.07.25 12:03:48 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\DivX [2010.02.08 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileZilla [2009.09.17 11:13:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Identities [2009.09.17 12:34:34 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Media Center Programs [2009.12.06 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Media Player Classic [2010.05.23 14:59:41 | 000,000,000 | --SD | M] -- C:\Users\Jimmy\AppData\Roaming\Microsoft [2009.09.17 12:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Mozilla [2009.09.21 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Nero [2009.12.03 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\RagTime [2010.03.03 17:46:02 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Real [2010.05.23 14:48:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Skype [2010.05.23 10:03:19 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\skypePM [2009.09.18 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Template [2009.09.19 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.04.04 17:03:35 | 000,177,024 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\m0chm78r.default\FlashGot.exe [2010.06.17 13:54:59 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Jimmy\AppData\Roaming\Real\Update\setup3.10\setup.exe < %SYSTEMDRIVE%\*.exe > [2007.05.03 17:32:29 | 000,000,385 | ---- | M] () -- C:\10099.exe < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.03.11 16:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2009.03.11 16:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.03.11 16:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.09.22 23:48:19 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.04.10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > Extras.TXT:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.09.2010 22:35:34 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Jimmy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 361,81 Gb Free Space | 83,46% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,55 Gb Free Space | 54,48% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,73 Gb Total Space | 0,64 Gb Free Space | 17,11% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JIMMY-PC
Current User Name: Jimmy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4163552127-872894075-1681724628-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058F3C86-7564-4988-905F-30B8E0CCAB33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16EAF33A-D818-46CD-B250-F158D50ECEDA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1DAE327E-B0FF-49B6-A2D0-45383C543889}" = rport=445 | protocol=6 | dir=out | app=system |
"{2EC2817E-8F8A-4E16-B75E-0109F55D04AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{380412A6-5475-412B-9E2B-5EE0E1558B37}" = lport=137 | protocol=17 | dir=in | app=system |
"{3993375B-DCDD-4096-A783-58791490ADAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{465B67F3-7036-4AE7-997D-7BBEA6344252}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B2F923E-AD3A-4872-928C-02C0640E8337}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BA183E2-D003-48A6-B6DF-5966A0751A49}" = lport=138 | protocol=17 | dir=in | app=system |
"{55D1877E-9DCC-4597-A5F6-0BA3B0C61094}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{58339FB5-C704-4D10-BF19-FDC1EC30BEEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{64D9DC43-2039-478E-A1CA-3F727E6BEE85}" = lport=445 | protocol=6 | dir=in | app=system |
"{64EFCFF8-0338-427B-9891-460AF89221C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B2465ED-128B-4B8D-B4C3-C9B5AEDFD2B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74799244-D050-4E71-9696-61B4E14656D1}" = rport=139 | protocol=6 | dir=out | app=system |
"{7A3AAD00-E780-46A9-B94C-5DF4ACE276BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{82999C3C-7B15-44BB-A766-8A1D24F30A7F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{865E4305-C836-4159-ACF5-B9229B83681E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9ECB82AC-BB76-4682-9214-32A3A7674027}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AAB9E97F-18C4-4B2F-8C20-1317833F3BCE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AED83EF6-ABEB-4011-AAD4-D8C3F806AC36}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B71CFBEA-71B9-4FAB-8079-C67B3CEE6CC5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDA8DD31-6B13-4230-8123-D1439E55DAF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D14ECBA1-A3F2-49C4-AE18-0E840556D2E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{D519CC83-7D29-4905-AE1D-A934CFB610ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{E474A8CC-E124-4CC5-AE67-BD8C3FE1EF20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6C2E02B-F99D-4610-9104-87E2FB8D43B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF8DB51D-DAE7-42AB-A88F-5359BA4FEAFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F3EEAFE0-140B-4C8B-B10C-854E9DF23E2B}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0694711B-11F4-40AB-A039-FCBCFD279830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08C19248-BB11-4A7F-8F70-C90CA79805CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1039ECC3-8712-485F-A6E2-33AE1EAA8430}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{28C960FD-5978-4A3A-96A9-5BCBE7A8641E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CC4EEAF-45DB-4F93-BEB6-5C7A715A03A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{34E5B323-F847-46CF-B071-50B255A5635D}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{393481C9-82AF-4DF0-AA09-524517BB37EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3EBE6B19-49B3-4AF1-BD82-84E477ED08BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{490661A8-AE39-4A5A-8C97-6EC67D39019F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{499F371A-639B-4A50-9237-E84036051E4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B33745D-1083-48CF-82C1-F6E67127BC72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56557CD8-40BE-41F9-8070-BE4BC0B32B5F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{68EC4703-B90E-4AD2-B469-8CD6A0248B5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{799981C2-B717-4CE2-8D7B-65BF31020349}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C89804A-D966-4884-BC6A-160F0D389CD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8155B751-9ACE-4E3F-BAD4-7342A7E22DC9}" = protocol=6 | dir=out | app=system |
"{8DF446B6-02DE-45FB-A088-4BC043AEB62C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{906AB818-50B9-4EB2-9C10-2F929C7BEEB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{94EA1FDE-E17B-4632-8AEC-771B64DEFB9F}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{9BBCFDF7-FFE6-425A-A2FF-D53807B81051}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C1E1F7CF-D18C-4ABD-BDC1-38AA86437463}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4E73B70-5D94-4F46-BCE3-E486E59CD402}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{CBC567D4-D312-40E7-8141-163169B5611D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD59E4F1-1D0D-4470-A210-A86848A1888C}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{EBC5C811-FF9F-40E9-BFC5-1C02BA6B5ACF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F1F6439C-DCE1-438A-9337-57F058ED78BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB5E1C9D-FA50-4A2C-A897-986B45FC6F49}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"TCP Query User{1E891177-9309-4930-8DAF-E29710B75A3D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{6C563F4B-4247-4AE3-9028-E3656784DBE2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A9CF2462-977F-49D4-AE21-9E64AB58F141}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D4AC4E7A-649C-4904-A8BE-4C9A660B0B66}C:\program files\ragtime 6.5\win32\ragtime 6.5.exe" = protocol=6 | dir=in | app=c:\program files\ragtime 6.5\win32\ragtime 6.5.exe |
"TCP Query User{EC0C2A08-C515-481B-9DD9-EE330023273E}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{EFBEA0EB-F981-4CEA-8C3A-478DB9F27E2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{002077AC-EB14-41C0-8CB2-550C6800BDFF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{06FB32EE-04BE-43D1-95AD-BB7DF6F9E0D6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2E1C2AA2-FE3A-4243-BBCA-94798FB7002D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{3C209B25-EF52-4C3B-B9E2-1F2B5C276665}C:\program files\ragtime 6.5\win32\ragtime 6.5.exe" = protocol=17 | dir=in | app=c:\program files\ragtime 6.5\win32\ragtime 6.5.exe |
"UDP Query User{450007AD-1581-43AC-B2F9-57454A6510D7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7CA175F9-EDD1-4B23-8382-1570D8D8EB0C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC6A3E2-6EC3-412E-91AB-6F49301421A8}" = Connection Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99591F66-BBF6-4CC7-BC7C-8BB488BD2F9A}" = RagTime 6.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1EA0EB-0E03-407E-A8CB-35667746FEA8}" = Connection Manager
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.17
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Win2day Poker" = Win2day Poker
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4163552127-872894075-1681724628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.09.2010 16:11:05 | Computer Name = Jimmy-PC | Source = EventSystem | ID = 4609
Description =
Error - 13.09.2010 16:11:30 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.09.2010 16:14:36 | Computer Name = Jimmy-PC | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen
mit den Statuscode 1. Der Computer muss neu gestartet werden.
Error - 13.09.2010 16:15:01 | Computer Name = Jimmy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 13.09.2010 16:16:37 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 13.09.2010 16:17:02 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 13.09.2010 16:17:08 | Computer Name = Jimmy-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.09.2010 16:17:10 | Computer Name = Jimmy-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 13.09.2010 16:36:16 | Computer Name = Jimmy-PC | Source = SPP | ID = 16387
Description =
[ Media Center Events ]
Error - 17.06.2010 14:50:49 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide
Error - 17.06.2010 14:56:32 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide
Error - 17.06.2010 14:56:37 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide
Error - 17.06.2010 14:58:57 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide
Error - 21.07.2010 14:04:11 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 53
Description = Ereignisinformationen: TV-Programmdienst: Unerwarteter Fehler. Der
TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang
später. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 22.07.2010 16:06:35 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 23.07.2010 13:06:24 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 34
Description = Ereignisinformationen: Ermittlungsdienst: Unerwarteter Fehler. Der
TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang
später. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 08.08.2010 14:13:05 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 08.08.2010 14:13:05 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 12.09.2010 12:10:58 | Computer Name = Jimmy-PC | Source = Media Center Guide | ID = 34
Description = Ereignisinformationen: Ermittlungsdienst: Unerwarteter Fehler. Der
TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang
später. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
[ System Events ]
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 13.09.2010 16:11:54 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 13.09.2010 16:16:24 | Computer Name = Jimmy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.09.2010 um 22:14:13 unerwartet heruntergefahren.
Error - 13.09.2010 16:17:09 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.09.2010 16:17:09 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2010 16:17:09 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2010 16:17:10 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
|
|
13.09.2010, 21:58
| #4 |
| | Virus stört Firefox und alle Antivirus Progs. Vielleicht hilft auch das weiter: Mir fällt auf das sich in unregelmäßigen Abständen Firefox mit Yahoo öffnet ohne das man was macht. Lg |
|
14.09.2010, 11:09
| #5 |
| /// Malware-holic | Virus stört Firefox und alle Antivirus Progs. deinstaliere spybot, es stört die reinigung. starte neu. deinstaliere adaware, nutzt die gleiche engine wie avira, starte neu. toolbars sind ein sicherheitsrisiko, und machen den browser langsamer, deinstaliere: windows live toolbar. • Starte bitte die OTL.exe. • Kopiere nun das Folgende in die Textbox. :OTL DRV - (WPN111) -- C:\Windows\System32\DRIVERS\WPN111v.sys File not found DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEFv=18q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O33 - MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\Shell\AutoRun\command - "" = I:\Startme.exe -- File not found O33 - MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found O33 - MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found :Files :Commands [purity] [resethosts] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
14.09.2010, 19:03
| #6 |
| | Virus stört Firefox und alle Antivirus Progs. All processes killed ========== OTL ========== Service WPN111 stopped successfully! Service WPN111 deleted successfully! File C:\Windows\System32\DRIVERS\WPN111v.sys File not found not found. Service Trufos stopped successfully! Service Trufos deleted successfully! File C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found not found. Service Profos stopped successfully! Service Profos deleted successfully! File C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found not found. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found. Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename Prefs.js: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEFv=18q=" removed from browser.search.defaulturl Prefs.js: "Fast Browser Search" removed from browser.search.order.1 Prefs.js: "Fast Browser Search" removed from browser.search.selectedEngine Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LMgrOSD deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4648e6e7-bf44-11df-a0fc-001f162806af}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4648e6e7-bf44-11df-a0fc-001f162806af}\ not found. File I:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f1c4ab6-a369-11de-8f38-001f162806af}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f1c4ab6-a369-11de-8f38-001f162806af}\ not found. File G:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccefcf2e-e409-11de-846c-001f162806af}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccefcf2e-e409-11de-846c-001f162806af}\ not found. File G:\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd53f965-a7c1-11de-8551-001f162806af}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd53f965-a7c1-11de-8551-001f162806af}\ not found. File F:\Setup.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. ========== FILES ========== ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default User: Default User User: Eva ->Flash cache emptied: 1462 bytes User: Jimmy ->Flash cache emptied: 46449 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes |
|
14.09.2010, 19:06
| #7 |
| /// Malware-holic | Virus stört Firefox und alle Antivirus Progs. das ist nicht komplett |
|
14.09.2010, 21:16
| #8 |
| | Virus stört Firefox und alle Antivirus Progs. Dieses File kommt aber nach dem Neustart nachdem ich auf "Run Fix" geklickt hab. |
|
14.09.2010, 21:31
| #9 |
| | Virus stört Firefox und alle Antivirus Progs. ComboFix lässt sich nicht starten.... weder im Normal noch im abgesicherten Modus. Lg |
|
15.09.2010, 10:48
| #10 |
| /// Malware-holic | Virus stört Firefox und alle Antivirus Progs. lösche combofix.exe lad es erneut runter, rechtsklick auf den download link, ziehl speichern unter, lösche den namen combofix.exe und benenne es in 1123.com um starte es dann erneut. |
|
16.09.2010, 17:10
| #11 |
| | Virus stört Firefox und alle Antivirus Progs. Combofix Logfile: Code:
ATTFilter ComboFix 10-09-14.01 - Jimmy 16.09.2010 17:55:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3036.2216 [GMT 2:00]
ausgeführt von:: c:\users\Jimmy\Desktop\12345.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\10099.exe
Infizierte Kopie von c:\windows\system32\drivers\disk.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-16 bis 2010-09-16 ))))))))))))))))))))))))))))))
.
2010-09-16 16:06 . 2010-09-16 16:06 -------- d-----w- c:\users\Jimmy\AppData\Local\temp
2010-09-13 19:43 . 2010-09-14 20:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-13 19:43 . 2010-09-13 19:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-12 18:58 . 2010-09-15 10:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 15:01 . 2010-09-14 17:43 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-12 14:59 . 2010-09-14 17:43 -------- d-----w- c:\programdata\Lavasoft
2010-08-22 13:05 . 2010-08-22 13:20 -------- d-----w- c:\program files\JDownloader
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 15:53 . 2009-07-22 09:09 79117 ----a-w- c:\programdata\nvModes.dat
2010-09-16 15:52 . 2009-07-23 02:43 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-15 18:54 . 2009-09-18 12:09 21066 ----a-w- c:\users\Jimmy\AppData\Roaming\wklnhst.dat
2010-09-14 20:22 . 2009-09-17 09:14 88256 ----a-w- c:\users\Jimmy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-13 16:39 . 2009-07-22 16:39 623280 ----a-w- c:\windows\system32\perfh007.dat
2010-09-13 16:39 . 2009-07-22 16:39 125378 ----a-w- c:\windows\system32\perfc007.dat
2010-09-12 22:43 . 2010-02-28 20:18 -------- d-----w- c:\programdata\FLEXnet
2010-08-12 11:10 . 2009-07-22 13:27 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 11:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-25 10:03 . 2010-05-30 12:41 -------- d-----w- c:\users\Jimmy\AppData\Roaming\DivX
2010-06-26 06:05 . 2010-08-11 14:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 14:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-11 14:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-11 14:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 14:43 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 14:43 36864 ----a-w- c:\windows\system32\rtutils.dll
2009-09-29 18:18 . 2009-09-29 18:16 88 --sh--r- c:\windows\System32\253D7348A0.sys
2010-06-04 08:25 . 2009-09-29 18:16 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
2009-03-11 14:14 . 2009-03-11 14:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-08-22 307200]
"SpybotSD TeaTimer"="g:\spybot - search & destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-29 450660]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-04-10 191488]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-07-07 343552]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2009-08-05 413696]
"Z810SysStart"="c:\program files\Connection Manager\sysctrl.exe" [2008-08-22 307200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-22 21:55 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2009-02-25 12:40 218408 ------w- c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-02-22 09:40 207504 ----a-w- c:\program files\pdf24\pdf24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 21:54 50472 ------w- c:\program files\HomeCinema\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 13:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-29 13:51 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2uvc]
2008-08-28 13:03 233472 ----a-w- c:\windows\tsnp2uvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 20:16 222504 ------w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810PNP]
2008-10-09 21:37 118784 ----a-w- c:\program files\Connection Manager\SamsungPnPServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4163552127-872894075-1681724628-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca3bd359d9d810;Google Update Service (gupdate1ca3bd359d9d810);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 133104]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 fspad_wlh32;Finger-sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-06-17 41984]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-03-04 113152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-09-22 716272]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-03-12 113504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-07-27 508416]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 22:23]
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 22:23]
2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{5343E896-89C9-43C4-B38B-73BEB8CD58C2}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{E0E42B1F-2849-4B8D-A516-D66190011D5C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\m0chm78r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={B264E225-5D95-4611-67ED-51BC5777389A}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-16 18:06
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe?????????}????????????l??????@??t????}???????????}???????r??v>???}???????????}??????????????????????v???? ??v?m?????????va??v?%??????>???????$???????????????p??????????????v???v????????????????????????L???-R?v
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Z810SysStart = c:\program files\Connection Manager\sysctrl.exe?????????}????????????l??????@??t????}???????????}???????r??v>???}???????????}??????????????????????v???? ??v?m?????????va??v?%??????>???????$???????????????p??????????????v???v????????????????????????L???-R?v
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-16 18:08:41
ComboFix-quarantined-files.txt 2010-09-16 16:08
Vor Suchlauf: 7 Verzeichnis(se), 423.336.833.024 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 423.274.045.440 Bytes frei
- - End Of File - - 4524F6ED3170B4C7D4C269F13CE865EA
|
|
16.09.2010, 17:20
| #12 |
| /// Malware-holic | Virus stört Firefox und alle Antivirus Progs. rechtsklick avira schirm, guard deaktivieren. öffne mein computer, c: qoobox rechtsklick auf quarantain und zu quarantain.zip oder rar hinzufügen. das archiv hochladen: http://www.trojaner-board.de/54791-a...ner-board.html deinstaliere spybot, starte neu. download malwarebytes. http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html instalieren, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme, auch avira aus, trenne die internetverbindung. registerkarte scanner, komplett scan, funde löschen, avira + internet ein, log posten. |
|
16.09.2010, 20:01
| #13 |
| | Virus stört Firefox und alle Antivirus Progs. Datei Upload hab ich so ausgeführt wie in der Anleitung beschrieben. Weiß aber nicht ob des funktioniert hat. Firefox funzt wieder ganz normal! Nachmals vielen Dank für deine Unterstützung! Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4629 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 16.09.2010 20:57:17 mbam-log-2010-09-16 (20-57-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 304834 Laufzeit: 1 Stunde(n), 21 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
16.09.2010, 20:03
| #14 |
| /// Malware-holic | Virus stört Firefox und alle Antivirus Progs. das ist ja schon mal n anfang avira http://www.trojaner-board.de/54192-a...tellungen.html avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm. klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten. |
|
| Themen zu Virus stört Firefox und alle Antivirus Progs. |
| adware, antivir, antivirus, bedanken, e-mail, firefox, lap top, malwarebytes, ordner, plagegeist, problem, programm, progs, recycle.bin, scan, sobald, sofort, software, stürtzt, stürzen, sämtliche, viren, virus, vista, website, wenige, win, win vista |
Linear-Darstellung
