| |
| |||||||
Log-Analyse und Auswertung: Infizierung mit SSHNAS ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.09.2010, 00:36
| #1 |
| |  Infizierung mit SSHNAS ? Hallo liebes Forum, ich hab in der Vergangenheit schon öfter in eurem Forum Denkanstöße gesucht. Jetzt muss ich mich doch mal hier anmelden. Ich habe im eventlog folgendes Ereigniss gefunden: <Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: Das angegebene Modul wurde nicht gefunden.> SSHNAS ist in diversen Foren als Trojaner verschriehen. Ich bin mir nun nicht sicher, ob sich dieser Schädling noch auf meinem PC befindet, oder ob es noch ein Rest von einer zurückliegenden Infektion ist (was mich dann allerdings auch ins Grübeln bringen sollte ^^). Ich hoffe ich bin mit diesem Problem im richtigen Forenteil. Mein hijackthislog sieht folgendermaßen aus: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:14:35, on 19.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Programme\McAfee.com\Agent\mcagent.exe D:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\DivX\DivX Update\DivXUpdate.exe C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\regedit.exe D:\Programme\Mozilla Firefox\plugin-container.exe E:\My Documents\DOWNLOADS\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20100806012813.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Programme\RivaTuner v2.24\RivaTuner.exe" /S O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [mcui_exe] "C:\Programme\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O15 - Trusted Zone: hxxp://asia.msi.com.tw O15 - Trusted Zone: hxxp://global.msi.com.tw O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: acaptuser32.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: McAfee Personal Firewall-Dienst (McMPFSvc) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Programme\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe O23 - Service: NBService - Nero AG - D:\Programme\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Password Manager Pro (PMP) - Unknown owner - d:\Programme\PMP\bin\wrapper.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 8610 bytes Ich hoffe das Log ist soweit vollständig. Vielen Dank schon mal im Vorraus. MfG Herr Kerian |
|
20.09.2010, 09:31
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Infizierung mit SSHNAS ?__________________
__________________ |
|
20.09.2010, 17:45
| #3 |
| | Infizierung mit SSHNAS ? Ich hab mal nen Vollscan laufen lassen.
__________________So langsam frage ich mich, wieso ich überhaupt ein kostenpflichtiges Antivirenprogramm habe. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4655 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.09.2010 18:36:03 mbam-log-2010-09-20 (18-36-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|K:\|) Durchsuchte Objekte: 666661 Laufzeit: 2 Stunde(n), 25 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XA5RJ9EADJ (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Nun noch das neue HijackThis Log. HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:42:49, on 20.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Programme\McAfee.com\Agent\mcagent.exe C:\Programme\DivX\DivX Update\DivXUpdate.exe C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe D:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE E:\My Documents\DOWNLOADS\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20100806012813.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [mcui_exe] "C:\Programme\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O15 - Trusted Zone: hxxp://asia.msi.com.tw O15 - Trusted Zone: hxxp://global.msi.com.tw O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: acaptuser32.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: McAfee Personal Firewall-Dienst (McMPFSvc) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Programme\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe O23 - Service: NBService - Nero AG - D:\Programme\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 7816 bytes Soll ich Anti-Malware noch mal laufen lassen? MfG Kerian |
|
20.09.2010, 18:22
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit SSHNAS ? Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.09.2010, 18:57
| #5 |
| | Infizierung mit SSHNAS ? Done. OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.09.2010 19:29:02 - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = E:\My Documents\DOWNLOADS Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): D:\pagefile.sys 2048 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 11,83 Gb Free Space | 24,22% Space Free | Partition Type: NTFS Drive D: | 58,59 Gb Total Space | 32,85 Gb Free Space | 56,06% Space Free | Partition Type: NTFS Drive E: | 172,04 Gb Total Space | 28,82 Gb Free Space | 16,75% Space Free | Partition Type: NTFS Drive F: | 97,65 Gb Total Space | 20,79 Gb Free Space | 21,29% Space Free | Partition Type: NTFS Drive G: | 181,82 Gb Total Space | 64,71 Gb Free Space | 35,59% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 244,14 Gb Total Space | 172,56 Gb Free Space | 70,68% Space Free | Partition Type: NTFS Computer Name: KERIAN Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\My Documents\DOWNLOADS\OTL.exe (OldTimer Tools) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - K:\League of Legends\Air\LolClient.exe (Adobe Systems Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - c:\Programme\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - K:\League of Legends\lol.launcher.exe (Solid State Networks) PRC - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - E:\My Documents\DOWNLOADS\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PMP) -- d:\Programme\PMP\bin\wrapper.exe File not found SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe () SRV - (mfevtp) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (McProxy) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (NBService) -- D:\Programme\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SetupNTGLM7X) -- H:\NTGLM7X.sys File not found DRV - (NTACCESS) -- H:\NTACCESS.sys File not found DRV - (GMSIPCI) -- L:\INSTALL\GMSIPCI.SYS File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (cpuz130) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys () DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.) DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.) DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation) DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation) DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys () DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (VBoxDrv) -- C:\WINDOWS\system32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.) DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.) DRV - (VBoxUSBMon) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (RivaTuner32) -- d:\Programme\RivaTuner v2.24\RivaTuner32.sys () DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC) DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated) DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH) DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.09.17 09:07:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.09.17 09:07:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.09.16 21:24:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.08.20 08:27:17 | 000,000,000 | ---D | M] [2010.09.09 22:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.09.09 22:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.19 21:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions [2010.09.12 12:47:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.01.21 20:32:37 | 000,000,000 | ---D | M] (4chan) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.04.22 22:35:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.06.13 16:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\xln8svww.default\extensions\battlefieldheroespatcher@ea.com O1 HOSTS File: ([2009.06.14 19:47:23 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.1.1 activate.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20100806012813.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - d:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - f:\PartyGaming\PartyCasino\RunApp.exe () O15 - HKCU\..Trusted Domains: com ([www.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.02.07 00:11:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.11.16 01:06:21 | 000,205,576 | ---- | M] () - F:\AUTO.pat -- [ NTFS ] O32 - AutoRun File - [2009.11.16 01:06:21 | 000,013,192 | ---- | M] () - F:\AUTO.pst -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.20 10:54:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2010.09.20 10:54:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.20 10:54:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.20 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.09.20 06:56:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.09.10 15:48:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Auslogics [2010.08.30 00:15:33 | 000,000,000 | ---D | C] -- C:\Programme\Veoh Networks [2010.08.29 23:27:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.29 23:27:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.29 23:27:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.29 23:27:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.20 18:38:23 | 000,001,585 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee AntiVirus Plus.lnk [2010.09.20 18:38:19 | 000,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.09.20 18:37:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.20 18:36:24 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2010.09.20 18:36:24 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.09.20 07:03:37 | 000,000,558 | ---- | M] () -- C:\WINDOWS\win.ini [2010.09.20 07:03:37 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system.ini [2010.09.20 07:03:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.09.19 21:21:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.15 23:39:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.09.12 17:32:53 | 000,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.09.12 16:20:58 | 000,137,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.09.12 16:18:49 | 000,139,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys [2010.09.12 16:18:27 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe [2010.09.05 14:33:33 | 000,001,351 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\DivX Movies.lnk [2010.08.30 21:16:26 | 000,060,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.30 21:09:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.29 23:24:10 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2010.08.29 23:22:42 | 000,001,594 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.29 23:24:10 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2010.08.01 03:36:03 | 000,415,752 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-823518204-115176313-839522115-500-0.dat [2010.07.29 00:27:15 | 000,284,938 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2010.07.11 15:14:37 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.04.28 17:51:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.02.03 23:22:32 | 000,000,241 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2009.09.30 13:08:17 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009.09.30 13:08:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009.09.30 13:08:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009.09.30 13:08:15 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.09.30 13:08:15 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.09.30 13:08:14 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.09.30 13:08:14 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.09.11 14:14:47 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.09.11 14:14:46 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.07.21 15:02:36 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.07.17 16:38:26 | 000,000,263 | ---- | C] () -- C:\WINDOWS\game.ini [2009.07.10 23:03:46 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.07.10 22:38:47 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys [2009.03.07 15:51:02 | 000,000,104 | ---- | C] () -- C:\WINDOWS\wiso.ini [2009.02.28 01:08:51 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.02.07 17:26:26 | 000,060,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007.04.03 17:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2007.04.03 17:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.09.2010 19:29:02 - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = E:\My Documents\DOWNLOADS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): D:\pagefile.sys 2048 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 11,83 Gb Free Space | 24,22% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 32,85 Gb Free Space | 56,06% Space Free | Partition Type: NTFS
Drive E: | 172,04 Gb Total Space | 28,82 Gb Free Space | 16,75% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 20,79 Gb Free Space | 21,29% Space Free | Partition Type: NTFS
Drive G: | 181,82 Gb Total Space | 64,71 Gb Free Space | 35,59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 244,14 Gb Total Space | 172,56 Gb Free Space | 70,68% Space Free | Partition Type: NTFS
Computer Name: KERIAN
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6892:TCP" = 6892:TCP:*:Enabled:League of Legends Launcher
"6892:UDP" = 6892:UDP:*:Enabled:League of Legends Launcher
"6946:TCP" = 6946:TCP:*:Enabled:League of Legends Launcher
"6946:UDP" = 6946:UDP:*:Enabled:League of Legends Launcher
"6987:TCP" = 6987:TCP:*:Enabled:League of Legends Launcher
"6987:UDP" = 6987:UDP:*:Enabled:League of Legends Launcher
"6909:TCP" = 6909:TCP:*:Enabled:League of Legends Launcher
"6909:UDP" = 6909:UDP:*:Enabled:League of Legends Launcher
"6984:TCP" = 6984:TCP:*:Enabled:League of Legends Launcher
"6984:UDP" = 6984:UDP:*:Enabled:League of Legends Launcher
"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher
"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher
"6897:TCP" = 6897:TCP:*:Enabled:League of Legends Launcher
"6897:UDP" = 6897:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Miranda IM\miranda32.exe" = D:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"F:\SecondLife\SLVoice.exe" = F:\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"F:\Left4Dead\left4dead.exe" = F:\Left4Dead\left4dead.exe:*:Enabled:left4dead -- ()
"F:\Steam\steamapps\common\buccaneer demo\Buccaneer.exe" = F:\Steam\steamapps\common\buccaneer demo\Buccaneer.exe:*:Enabled:Buccaneer: The Pursuit of Infamy Demo -- File not found
"F:\BattleForge\Bootstrapper.exe" = F:\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic)
"F:\BattleForge\BattleForge.exe" = F:\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic)
"F:\Battlefield 2\BF2.exe" = F:\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found
"F:\COD4\iw3mp.exe" = F:\COD4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"F:\World in Conflict\wic.exe" = F:\World in Conflict\wic.exe:*:Enabled:World in Conflict -- (Massive Entertainment)
"F:\World in Conflict\wic_online.exe" = F:\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only -- (Massive Entertainment)
"F:\World in Conflict\wic_ds.exe" = F:\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server -- ()
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"F:\ANNO 1404\Anno4.exe" = F:\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()
"F:\ANNO 1404\tools\Anno4Web.exe" = F:\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web -- ()
"F:\Steam\steamapps\common\left 4 dead\left4dead.exe" = F:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- File not found
"F:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = F:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- File not found
"F:\heroes in the sky\HIS.exe" = F:\heroes in the sky\HIS.exe:*:Enabled:his -- File not found
"G:\Steam\Steam.exe" = G:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"K:\Battlefield Bad Company 2\BFBC2Updater.exe" = K:\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"K:\League of Legends\Air\LolClient.exe" = K:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"K:\League of Legends\Game\League of Legends.exe" = K:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"G:\Steam\steamapps\common\league of legends\Air\LolClient.exe" = G:\Steam\steamapps\common\league of legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"G:\Steam\steamapps\common\league of legends\Game\League of Legends.exe" = G:\Steam\steamapps\common\league of legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"G:\Steam\steamapps\common\guild wars\Gw.exe" = G:\Steam\steamapps\common\guild wars\Gw.exe:*:Enabled:Guild Wars: Trilogy -- (ArenaNet)
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"G:\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe" = G:\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"G:\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe" = G:\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"G:\Steam\steamapps\common\aliens vs predator\AvP.exe" = G:\Steam\steamapps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"G:\Steam\steamapps\common\arsenal of democracy\aodgame.exe" = G:\Steam\steamapps\common\arsenal of democracy\aodgame.exe:*:Enabled:Arsenal of Democracy -- (BL-Logic)
"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"D:\Programme\Sony Ericsson\Update Service\Update Service.exe" = D:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"G:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = G:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"G:\Steam\steamapps\common\mountblade warband\mb_warband.exe" = G:\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband -- ( Taleworlds Entertainment)
"G:\Steam\steamapps\common\left 4 dead\left4dead.exe" = G:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"G:\Steam\steamapps\herrkerian\counter-strike source\hl2.exe" = G:\Steam\steamapps\herrkerian\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"G:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe" = G:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- ()
"K:\League of Legends\lol.launcher.exe" = K:\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- (Solid State Networks)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{516A594B-FEFF-4521-B857-69809AB266FF}" = VC8&9 CRT and ATL
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7C2E4E9B-0B88-48B6-B7B0-E3F3DF0A239D}" = GameSpy Comrade
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A33CE67-80FB-4469-9ED1-E5D116391F68}_is1" = Moras Ausrüstungsplaner
"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{948B09C2-16EF-41DC-8E24-5C90B9D8360F}" = Sun VirtualBox
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2: Complete Collection
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AFC4FEEE-6E08-4CC9-815E-5CEDF2C15E2E}_is1" = Terminplaner .Net
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF5D1668-B89A-44DF-9B3F-A961C4B87534}" = Simpleuploader 2.0
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Alt.Binz" = Alt.Binz 0.25.0
"Arsenal of Democracy_is1" = Arsenal of Democracy
"ASAPI Update" = ASAPI Update
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.05
"Audacity_is1" = Audacity 1.2.6
"Catan Online Welt" = Catan Online Welt
"City Life Deluxe" = City Life Deluxe
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DAOCCharplan" = DAOC-Charplan
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Download Manager" = EA Download Manager
"FinePrint" = FinePrint
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Free Audio Dub_is1" = Free Audio Dub version 1.6
"Guild Wars" = GUILD WARS
"HD Tune_is1" = HD Tune 2.55
"ie8" = Windows Internet Explorer 8
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.43
"MSC" = McAfee AntiVirus Plus
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PartyCasino" = PartyCasino
"PartyPoker" = PartyPoker
"Plus500" = Plus500
"pro-Plan_is1" = pro-Plan 5.0.1.23
"pro-SiGe_is1" = pro-SiGe 4.0.0.6
"PunkBusterSvc" = PunkBuster Services
"RenSim_is1" = RenSim 3
"RivaTuner" = RivaTuner v2.24
"Security Task Manager" = Security Task Manager 1.7h
"Stargate Resistance" = Stargate Resistance
"Steam App 10680" = Aliens vs Predator
"Steam App 13140" = America's Army 3
"Steam App 20590" = League of Legends
"Steam App 29620" = Guild Wars: Trilogy
"Steam App 42850" = Arsenal of Democracy
"Steam App 48700" = Mount and Blade: Warband
"Steinberg WaveLab 4.0f" = Steinberg WaveLab 4.0f
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.0
"Warhammer Online: Age of Reckoning_is1" = Warhammer Online: Age of Reckoning
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.2.1
"WORD" = Microsoft Office Word 2007
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.07.2010 05:47:35 | Computer Name = KERIAN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 11.07.2010 08:20:36 | Computer Name = KERIAN | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 11.07.2010 08:20:36 | Computer Name = KERIAN | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 11.07.2010 08:20:51 | Computer Name = KERIAN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 11.07.2010 08:36:47 | Computer Name = KERIAN | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 11.07.2010 08:36:47 | Computer Name = KERIAN | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 11.07.2010 08:37:03 | Computer Name = KERIAN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 11.07.2010 08:58:43 | Computer Name = KERIAN | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 11.07.2010 08:58:43 | Computer Name = KERIAN | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 11.07.2010 08:58:58 | Computer Name = KERIAN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
[ System Events ]
Error - 18.09.2010 14:27:54 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Password Manager Pro" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 18.09.2010 14:27:54 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126
Error - 18.09.2010 19:01:32 | Computer Name = KERIAN | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "helpsvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
Error - 19.09.2010 15:22:41 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 19.09.2010 15:22:41 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126
Error - 20.09.2010 00:49:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 20.09.2010 00:49:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126
Error - 20.09.2010 01:06:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 20.09.2010 01:06:37 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126
Error - 20.09.2010 12:39:06 | Computer Name = KERIAN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Treiber für parallelen Anschluss" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
< End of report >
|
|
20.09.2010, 20:57
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit SSHNAS ? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - AutoRun File - [2009.11.16 01:06:21 | 000,205,576 | ---- | M] () - F:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009.11.16 01:06:21 | 000,013,192 | ---- | M] () - F:\AUTO.pst -- [ NTFS ]
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> Infizierung mit SSHNAS ? |
|
20.09.2010, 23:20
| #7 |
| | Infizierung mit SSHNAS ? Und auch damit bin ich durch. Danke übrigends schon mal, für die flotte Unterstützung. ^^ All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. F:\AUTO.pat moved successfully. F:\AUTO.pst moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 172713737 bytes ->Temporary Internet Files folder emptied: 22987218 bytes ->Java cache emptied: 50195439 bytes ->FireFox cache emptied: 60202103 bytes ->Google Chrome cache emptied: 6068108 bytes ->Flash cache emptied: 111927 bytes User: Alexander ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1335050 bytes ->Flash cache emptied: 567 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2490685 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16384 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 302,00 mb OTL by OldTimer - Version 3.2.14.0 log created on 09212010_001556 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
21.09.2010, 10:34
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierung mit SSHNAS ? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
