Log analysis and evaluation: ohon.exe - Igortu
27.09.2010, 14:29 | #1
Hi, my computer had some strange fits today which, among other things, killed "drwtsn.exe" and "explorer.exe". HijackThis produced this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:45, on 27.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SuRun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SuRun.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
F:\Downloads\utorrent.exe
E:\Programme\Mozilla Firefox 3.1 Beta 2\plugin-container.exe
C:\Programme\Trillian\trillian.exe
E:\Programme\Mozilla Firefox 3.1 Beta 2\firefox.exe
E:\Programme\Mozilla Firefox 3.1 Beta 2\plugin-container.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
E:\Programme\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [M1000Mnt] Rundll32.exe M1000Rmv.dll,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [SuRun Systemmenü-Erweiterung] C:\WINDOWS\SuRun.exe /SYSMENUHOOK
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] "C:\Dokumente und Einstellungen\Windows Benutzername\Anwendungsdaten\Igortu\ohon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Dokumente und Einstellungen\Windows Benutzername\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Dokumente und Einstellungen\Windows Benutzername\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: hxxp://co115w.col115.mail.live.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SuRun - C:\WINDOWS\SuRunExt.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMSAccessU - Unknown owner - e:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Super User Run (SuRun) Service - hxxp://kay-bruns.de - C:\WINDOWS\SuRun.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7526 bytes

What particularly caught my eye is the process "ohon.exe" under "Igortu" in the application data folder. There is no "What is this?" entry for it on the internet, so I am wondering what it might be. AntiVir finds nothing, Ad-Aware finds nothing. Does anyone have an idea?
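A defender-side triage of the O4 (autostart) lines in the HijackThis log above, added here as an example; it is not code from the post, from HijackThis or from the forum. It parses Run-key entries and flags the two traits the poster noticed on the ohon.exe line: a bare GUID as the value name and a target under the user's Anwendungsdaten folder. The sample lines are copied from the posted log; the regexes, class and function names are my own and not part of any tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O4 lines copied from the HijackThis log posted above,
# plus the Global Startup line, whose syntax differs and must be skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] "C:\Dokumente und Einstellungen\Windows Benutzername\Anwendungsdaten\Igortu\ohon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
"""

# HijackThis Run-key line: "O4 - <hive>\..\Run: [<value name>] <target> (User '<name>')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Per-user profile data folders, German (XP) and English names.
USER_DATA_RE = re.compile(
    r"\\(?:anwendungsdaten|application data|appdata|lokale einstellungen|local settings)\\",
    re.IGNORECASE,
)


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    target: str
    user: Optional[str]

    @property
    def exe_path(self) -> str:
        """The executable path without surrounding quotes or trailing arguments."""
        t = self.target.strip()
        if t.startswith('"'):
            end = t.find('"', 1)
            return t[1:end] if end > 0 else t[1:]
        return t.split(" ", 1)[0]


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one Run-key O4 line; other O4 forms (Global Startup etc.) give None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return O4Entry(m["hive"], m["key"], m["name"], m["target"], m["user"])


def suspicion_reasons(entry: O4Entry) -> List[str]:
    """Heuristic triage: the reasons this autostart entry deserves a closer look."""
    reasons = []
    if GUID_RE.match(entry.name):
        # Vendors name Run values after the product; a bare GUID as the
        # value name is a habit of droppers that generate names at random.
        reasons.append("value name is a bare GUID")
    if USER_DATA_RE.search(entry.exe_path):
        # An .exe that autostarts from a per-user data folder needed no
        # admin rights to be dropped, and installers rarely put one there.
        reasons.append("target runs from a per-user data folder")
    return reasons


def triage(log_text: str) -> List[dict]:
    """Return the flagged O4 entries of a HijackThis log together with their reasons."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged.append({
                "hive": entry.hive,
                "name": entry.name,
                "path": entry.exe_path,
                "user": entry.user,
                "reasons": reasons,
            })
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['hive']} [{hit['name']}] -> {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, only the ohon.exe entry is reported; the vendor entries under Programme and WINDOWS pass both heuristics.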
27.09.2010, 14:35 | #2
/// Malware-holic
Please do not run any more scans except the ones I name, and do not delete anything.
OTL: System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click and choose "Run as administrator").
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both.
27.09.2010, 14:44 | #3
OTL:

OTL Logfile:
Code:
OTL logfile created on: 27.09.2010 15:37:18 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = F:\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 1,80 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 195,31 Gb Total Space | 181,60 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive F: | 386,21 Gb Total Space | 87,85 Gb Free Space | 22,75% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 359,30 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Username
Current User Name: Username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - F:\Downloads\utorrent.exe (BitTorrent, Inc.)
PRC - E:\Programme\Mozilla Firefox 3.1 Beta 2\firefox.exe (Mozilla Corporation)
PRC - E:\Programme\Mozilla Firefox 3.1 Beta 2\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\SuRun.exe (hxxp://kay-bruns.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\WebCam\M1000\M1000Mnt.exe (ALi)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - F:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Super User Run (SuRun) Service) Super User Run (SuRun) -- C:\WINDOWS\SuRun.exe (hxxp://kay-bruns.de)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- e:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (NIHardwareService) -- C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (GEST Service) -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()

========== Driver Services (SafeList) ==========

DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\B.tmp File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (Applied Networking Inc.)
DRV - (SAVRKBootTasks) -- C:\WINDOWS\system32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (FlashUSB) -- C:\WINDOWS\system32\drivers\FlashUsb.sys (Danish Wireless Design A/S)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RivaTuner32) -- e:\Programme\RivaTuner v2.24\RivaTuner32.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\GcKernel.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (M1000Srv) -- C:\WINDOWS\system32\drivers\M1000KNT.sys ()
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-117609710-152049171-725345543-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-117609710-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.boardclub.net/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}:0.7
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: E:\Programme\Mozilla Firefox 3.1 Beta 2\components [2010.09.16 20:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: E:\Programme\Mozilla Firefox 3.1 Beta 2\plugins [2010.09.16 20:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: e:\Programme\Mozilla Sunbird\components [2010.02.09 19:33:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: e:\Programme\Mozilla Thunderbird\components [2010.09.25 15:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: e:\Programme\Mozilla Thunderbird\plugins [2010.08.22 23:05:38 | 000,000,000 | ---D | M]

-- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Extensions
[2010.08.22 23:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.03.06 19:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\085j5it8.default\extensions
[2009.03.06 19:50:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\085j5it8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.03.06 19:50:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\085j5it8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.26 15:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions
[2010.05.05 20:21:58 | 000,000,000 | ---D | M] (Show MyIP) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC}
[2009.07.18 11:14:56 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.08.18 21:43:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.18 21:43:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.09 14:12:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.07.08 19:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\extensions\moveplayer@movenetworks.com
[2010.02.09 19:33:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Sunbird\Profiles\pynd4a5c.default\extensions
[2009.12.14 16:02:53 | 000,002,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\dictcc.xml
[2009.08.12 15:40:12 | 000,001,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\memory-alpha-en.xml
[2009.10.12 02:37:53 | 000,001,686 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\thepiratebayorg.xml
[2008.08.24 18:38:37 | 000,001,143 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\wikipedia-en.xml
[2008.08.24 18:38:27 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Profiles\nd5g71ka.default\searchplugins\youtube-video-search.xml

O1 HOSTS File: ([2010.07.14 14:45:06 | 000,344,412 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11806 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-117609710-152049171-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [M1000Mnt] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SuRun Systemmenü-Erweiterung] C:\WINDOWS\SuRun.exe (hxxp://kay-bruns.de)
O4 - HKU\S-1-5-21-117609710-152049171-725345543-1003..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Igortu\ohon.exe File not found
O4 - HKU\S-1-5-21-117609710-152049171-725345543-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-117609710-152049171-725345543-1003\..Trusted Domains: live.com ([co115w.col115.mail] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SuRun: DllName - SuRunExt.dll - C:\WINDOWS\SuRunExt.dll (hxxp://kay-bruns.de)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\WINDOWS\SuRunExt.dll (hxxp://kay-bruns.de)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.05 23:56:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{175195c6-b559-11df-a981-001fd08e8d9e}\Shell - "" = AutoRun
O33 - MountPoints2\{175195c6-b559-11df-a981-001fd08e8d9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{175195c6-b559-11df-a981-001fd08e8d9e}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O33 - MountPoints2\{e69389ac-6ade-11de-a7be-001fd08e8d9e}\Shell - "" = AutoRun
O33 - MountPoints2\{e69389ac-6ade-11de-a7be-001fd08e8d9e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e69389ac-6ade-11de-a7be-001fd08e8d9e}\Shell\AutoRun\command - "" = H:\HL2UE_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "gupdate"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^web'n'walk Manager.lnk - C:\PROGRA~1\T-Mobile\WEB'N'~1\WEB'N'~1.EXE - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - E:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HotKey - hkey= - key= - C:\Programme\HotKey\Hotkey.exe (KYE SYSTEMS CORP.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - E:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - e:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig - StartUpReg: RunMSetup - hkey= - key= - C:\DOKUME~1\VALENT~1\LOKALE~1\Temp\pft2F.tmp\MSetup.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - E:\Programme\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: {C511FC26-AFDE-CF6A-99AC-0F4C6EB59608} - hkey= - key= - C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Igortu\ohon.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver
Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - File not found SafeBootNet: nm.sys - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WdfLoadGroup - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: 
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom 
Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183528496136192) ========== Files/Folders - Created Within 30 Days ========== [2010.09.27 09:28:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Username \Recent [2010.09.26 22:47:35 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys [2010.09.26 17:43:20 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010.09.26 17:43:17 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.09.26 17:40:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\Sunbelt Software [2010.09.26 17:40:20 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010.09.26 17:39:58 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.09.26 17:39:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2010.09.22 15:51:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\vlc [2010.09.14 16:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance [2010.09.14 16:43:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username 
\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation [2010.09.13 17:36:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LucasArts [2010.09.07 18:03:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LolClient [2010.09.06 23:01:19 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2010.09.06 23:00:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR [2010.09.06 22:37:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\PMB Files [2010.09.06 22:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.09.06 22:36:50 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks [2010.09.03 14:20:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Username \Desktop\StarCraft II [2010.09.03 14:12:55 | 000,000,000 | ---D | C] -- C:\Programme\StarCraft II [2002.04.11 09:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.27 15:35:23 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.09.27 15:32:17 | 015,204,352 | -H-- | M] () -- C:\Dokumente und Einstellungen\Username \NTUSER.DAT [2010.09.27 15:01:38 | 000,124,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.27 15:00:09 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2010.09.27 07:40:33 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2010.09.27 07:40:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.27 07:40:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.27 00:09:25 | 000,000,190 | -HS- 
| M] () -- C:\Dokumente und Einstellungen\Username \ntuser.ini [2010.09.26 21:22:40 | 000,000,741 | ---- | M] () -- C:\WINDOWS\win.ini [2010.09.26 21:22:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.09.26 21:22:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.09.26 20:45:24 | 000,033,865 | ---- | M] () -- f:\Eigene Dateien\1-4d0c9212021b5eb5355e929b2af0eda5.jpg [2010.09.26 17:43:17 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010.09.26 17:40:16 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2010.09.24 22:46:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.08 17:28:20 | 000,000,536 | ---- | M] () -- C:\WINDOWS\eReg.dat [2010.09.06 23:00:19 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk [2010.09.06 22:01:00 | 000,000,565 | ---- | M] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\myMPQ.ini [2010.09.03 14:09:25 | 000,000,609 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.26 20:45:24 | 000,033,865 | ---- | C] () -- f:\Eigene Dateien\1-4d0c9212021b5eb5355e929b2af0eda5.jpg [2010.09.26 17:49:30 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2010.09.26 17:44:29 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.09.26 17:40:16 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2010.09.24 22:58:40 | 000,107,008 | ---- | C] () -- C:\vlc.exe [2010.09.08 17:28:17 | 000,000,536 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010.09.06 23:00:19 | 000,000,686 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\League of Legends.lnk [2010.09.03 14:16:25 | 
000,000,565 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\myMPQ.ini [2010.09.03 13:56:24 | 000,000,609 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk [2010.08.10 22:11:48 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.08.10 22:11:48 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\PnkBstrK.sys [2010.07.18 12:46:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010.07.18 12:46:59 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini [2010.06.25 20:06:53 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini [2010.06.25 20:06:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009.11.28 19:12:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009.10.05 20:23:37 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.10.05 20:23:37 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.09.23 19:24:18 | 000,000,562 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\AutoGK.ini [2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.07.06 14:18:39 | 000,000,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.07.06 13:09:50 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2009.07.06 13:09:45 | 000,000,161 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2009.07.06 13:09:36 | 000,000,688 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2009.07.06 12:42:55 | 000,008,410 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2009.06.24 21:28:30 | 000,296,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\M1000KNT.sys [2009.06.24 21:28:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\M1000DIF.dll [2009.06.24 21:28:30 | 
000,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini [2009.06.15 19:54:09 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009.04.14 21:01:44 | 000,001,329 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2009.04.07 17:25:14 | 000,418,896 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.03.06 21:12:20 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.03.06 00:26:04 | 000,124,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Username \Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.02 06:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005.05.03 19:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll [2003.10.02 18:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.08.09 16:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\.purple [2010.09.26 20:51:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Acwu [2010.09.06 23:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Adobe [2009.03.16 02:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Apple Computer [2009.03.26 03:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\avidemux [2010.03.28 22:33:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Avira [2010.08.05 15:08:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Canneverbe Limited [2009.04.07 17:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DAEMON Tools [2009.07.07 12:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DAEMON Tools Lite [2009.04.07 17:21:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DAEMON Tools Pro [2010.06.20 21:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\DivX [2010.06.05 12:01:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\dvdcss [2009.10.11 17:54:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\fretsonfire [2010.04.18 14:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Google [2010.01.05 00:30:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Hamachi [2009.04.14 21:01:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Help [2009.07.06 15:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\HP [2009.10.06 
11:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\HpUpdate [2010.08.23 10:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ [2009.07.07 09:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ID3 renamer [2009.03.05 23:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Identities [2009.03.06 00:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield [2010.08.10 20:17:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield Installation Information [2009.03.12 00:51:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Jasc Software Inc [2010.07.16 14:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LG Electronics [2009.03.06 01:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Logitech [2010.09.07 18:03:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LolClient [2010.09.13 17:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\LucasArts [2009.03.06 00:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Macromedia [2009.10.15 16:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Malwarebytes [2009.03.16 02:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Media Player Classic [2010.09.26 23:00:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Microsoft [2010.02.11 18:58:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Move Networks [2010.02.09 19:33:58 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Username \Anwendungsdaten\Mozilla [2010.06.12 12:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\NVIDIA [2009.04.04 16:04:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\OpenOffice.org [2009.09.18 23:23:19 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\SecuROM [2010.09.25 23:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Skype [2010.09.26 08:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\skypePM [2009.03.06 22:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Sun [2009.03.06 20:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Talkback [2010.08.22 23:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Thunderbird [2009.07.06 21:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Trillian [2009.04.04 14:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\TrueCrypt [2009.03.06 14:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\TuneUp Software [2009.03.14 20:13:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\uqm [2010.09.27 15:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\uTorrent [2010.09.25 21:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\vlc [2009.07.07 10:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Winamp < %APPDATA%\*.exe /s > [2010.06.29 15:10:08 | 000,010,800 | ---- | M] (AOL LLC) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ\Application\ICQ7.2\aolload.exe [2010.06.29 15:10:08 | 000,133,368 | ---- | 
M] (ICQ, LLC.) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe [2010.06.29 15:10:08 | 000,080,120 | ---- | M] (ICQ, LLC.) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\ICQ\Application\ICQ7.2\IcqUpdater.exe [2010.06.29 15:09:28 | 000,372,736 | ---- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe [2010.08.10 20:10:02 | 000,331,776 | ---- | M] (Epic Games ) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe [2010.09.06 23:01:13 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > [2009.10.15 22:39:53 | 002,348,928 | ---- | M] () -- C:\D.exe [2009.09.03 02:03:01 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\firefox.exe [2010.08.27 01:34:22 | 000,107,008 | ---- | M] () -- C:\vlc.exe < MD5 for: AGP440.SYS > [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab 
file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 08:52:20 | 000,407,040 
| ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USER32.DLL >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.28 12:35:57 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.03.06 00:40:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.03.06 00:40:17 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.03.06 00:40:17 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 08:52:08 | 000,029,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\batmeter.dll
[2008.04.14 08:52:10 | 000,165,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\credui.dll
[2001.08.18 14:00:00 | 000,847,872 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dbgeng.dll
[2008.04.14 08:52:10 | 000,640,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dbghelp.dll
[2008.04.14 08:52:10 | 000,026,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dot3api.dll
[2008.04.14 08:52:10 | 000,009,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dot3dlg.dll
[2008.04.14 08:52:10 | 000,126,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eappcfg.dll
[2008.04.14 08:52:10 | 000,040,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eappprxy.dll
[2008.04.14 08:52:12 | 000,125,952 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\exts.dll
[2008.04.14 08:52:14 | 000,095,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008.04.14 08:52:16 | 000,072,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008.05.19 06:33:20 | 004,445,184 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2008.04.14 08:52:20 | 000,196,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msutb.dll
[2008.04.14 08:52:20 | 000,413,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcp60.dll
[2001.08.18 14:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntsdexts.dll
[2008.04.14 08:52:24 | 000,145,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\onex.dll
[2006.10.18 21:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\PortableDeviceApi.dll
[2006.10.18 21:47:18 | 000,166,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\PortableDeviceTypes.dll
[2008.04.14 08:52:24 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\powrprof.dll
[2008.04.14 00:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rsaenh.dll
[2008.04.14 08:52:24 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008.04.14 08:52:34 | 000,053,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\winsta.dll
[2008.04.14 08:52:34 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2008.04.14 08:52:34 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wtsapi32.dll
[2008.04.14 01:06:48 | 002,981,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
27.09.2010, 14:45 | #4

Extras:

OTL EXTRAS Logfile:

OTL Extras logfile created on: 27.09.2010 15:37:18 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = F:\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 14,65 Gb Total Space | 1,80 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 195,31 Gb Total Space | 181,60 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive F: | 386,21 Gb Total Space | 87,85 Gb Free Space | 22,75% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 359,30 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox 3.1 Beta 2\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "e:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [ID3 renamer] -- "e:\Programme\ID3 renamer\renamer.exe" "%1" (Jiri {x2} Cincura) Directory [PlayWithVLC] -- "e:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "56804:TCP" = 56804:TCP:*:Enabled:Pando Media Booster "56804:UDP" = 56804:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "55511:TCP" = 55511:TCP:*:Enabled:uTorrent "5190:TCP" = 5190:TCP:*:Disabled:Trillian "5190:UDP" = 5190:UDP:*:Disabled:Trillian2 "56804:TCP" = 56804:TCP:*:Enabled:Pando Media Booster "56804:UDP" = 56804:UDP:*:Enabled:Pando Media Booster "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "F:\Spiele\Star Trek Bridge Commander\stbc.exe" = F:\Spiele\Star Trek Bridge Commander\stbc.exe:*:Enabled:stbc -- () "F:\Spiele\Quake\joequake-gl.exe" = F:\Spiele\Quake\joequake-gl.exe:*:Enabled:joequake-gl -- () "F:\Spiele\Doom\DOOM95.EXE" = F:\Spiele\Doom\DOOM95.EXE:*:Enabled:doom95 -- (id Software) "E:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = 
E:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.) "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.) 
"F:\Spiele\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = F:\Spiele\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd) "F:\Spiele\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe" = F:\Spiele\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine -- (Raven Software) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "E:\Programme\Hamachi\hamachi.exe" = E:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.) "E:\Programme\Total Commander\totalcmd\TOTALCMD.EXE" = E:\Programme\Total Commander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) "C:\WINDOWS\system32\ntvdm.exe" = C:\WINDOWS\system32\ntvdm.exe:*:Enabled:NTVDM.EXE -- (Microsoft Corporation) "F:\Spiele\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe" = F:\Spiele\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "F:\Spiele\TrackMania Nations ESWC\TmNationsESWC.exe" = F:\Spiele\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC -- () "C:\Dokumente und Einstellungen\Username\Pidgin\pidgin.exe" = C:\Dokumente und Einstellungen\Username\Pidgin\pidgin.exe:*:Disabled:Pidgin -- (The Pidgin developer community) "C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios) "C:\Dokumente und Einstellungen\Username\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe" = C:\Dokumente und Einstellungen\Username\Anwendungsdaten\ICQ\Application\ICQ7.2\ICQ.exe:*:Disabled:ICQ -- (ICQ, 
LLC.) "F:\Spiele\Spring\spring.exe" = F:\Spiele\Spring\spring.exe:*:Enabled:spring -- () "F:\Spiele\Starcraft - Broodwar\StarCraft.exe" = F:\Spiele\Starcraft - Broodwar\StarCraft.exe:*:Enabled:Starcraft - Brood War -- (Blizzard Entertainment) "F:\Spiele\Unreal Tournament 3\Binaries\UT3.exe" = F:\Spiele\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- () "F:\Spiele\Crysis\Bin32\Crysis.exe" = F:\Spiele\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH) "F:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe" = F:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH) "F:\Spiele\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = F:\Spiele\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB) "E:\Programme\Steam\Steam.exe" = E:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "F:\Spiele\StarCraft II\StarCraft II.exe" = F:\Spiele\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "F:\Spiele\League of Legends\Air\LolClient.exe" = F:\Spiele\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.) 
"F:\Spiele\League of Legends\Game\League of Legends.exe" = F:\Spiele\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "F:\Spiele\EA Games\Battlefield WWII Anthology\BF1942.exe" = F:\Spiele\EA Games\Battlefield WWII Anthology\BF1942.exe:*:Enabled:Battlefield 1942 -- () "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0 "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942 "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 
1.3.1249.0 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15 "{2A82D40B-899C-4BDB-BAC1-8A0126C3DAA2}" = Risen Demo "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1 "{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300 "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56A648C2-D185-46A9-BBFF-78AE7A501000}" = USB2.0 Web Camera "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{581125F9-D1C6-4797-93BB-47A992D69AA8}" = Screen Grab Pro "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder 
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1 "{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = Activision(R) "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}" = FIFA 10 - Demo "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder 
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE "{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config "{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help "{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Vengeance "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery "{C2157D30-298B-11D7-BF3B-00079500A37A}" = Genius SlimStar 310 Hotkey driver "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome "{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8 "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch 
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1 "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "7-Zip" = 7-Zip 4.65 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ASIO4ALL" = ASIO4ALL "Avidemux 2.4" = Avidemux 2.4 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BC-Mod Installer .NET" = BC-Mod Installer .NET - FINAL Version "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "CCleaner" = CCleaner (remove only) "Device Control" = 
Gerätesteuerung "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EAXSet" = Creative EAX-Einstellungen "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "Frets on Fire" = Frets On Fire "Guitar Pro 5_is1" = Guitar Pro 5.2 "Hamachi" = Hamachi 1.0.1.1 "HijackThis" = HijackThis 2.0.2 "HL2UE_6500_is1" = Half-Life 2 Ultimate Edition (build 6500) "HP Document Viewer" = HP Document Viewer 7.0 "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "id3renamer.cincura.net_is1" = ID3 renamer 2.15.15 "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}" = X-Men Origins - Wolverine(TM) "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Vengeance "Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal "League of Legends_is1" = League of Legends "Mafia II_is1" = Mafia II "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Service Center" = Native Instruments Service Center "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0 "PunkBusterSvc" = PunkBuster Services "RivaTuner" = RivaTuner v2.24 "SPEAKER" = Creative Lautsprechereinstellungen "Starcraft" = Starcraft "StarCraft II" = StarCraft II "SuRun" = Super User Run (SuRun) "TIOsoft ShutDownTimer" = TIOsoft ShutDownTimer 2.10 "Trillian" = Trillian "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 1.1.4 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "Wing Commander Standoff" = Wing Commander Standoff 1.31 "Wing Commander: Secret Ops" = Wing Commander: Secret Ops "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-117609710-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "Audacity_is1" = Audacity 1.2.6 "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "Mozilla 
Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Pidgin" = Pidgin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.09.2010 11:40:05 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(000001FC,0x0053c020,000379D0,0,000389D8,4096,[0])". hr = 0x80070057.

Error - 26.09.2010 11:40:40 | Computer Name = COMPUTER | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{c45431e4-0a73-11de-a6f5-001fd08e8d9e},0xc0000000,0x00000003,...)". hr = 0x80070020.

Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{c45431e6-0a73-11de-a6f5-001fd08e8d9e},0xc0000000,0x00000003,...)". hr = 0x80070020.

Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(000001FC,0x0053c020,000379D0,0,000389D8,4096,[0])". hr = 0x80070057.

Error - 26.09.2010 12:53:38 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hotkey.exe, Version 3.9.0.1229, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 26.09.2010 15:16:27 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hotkey.exe, Version 3.9.0.1229, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 26.09.2010 15:18:36 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hotkey.exe, Version 3.9.0.1229, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 27.09.2010 09:11:13 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x5ee61b4a.

Error - 27.09.2010 09:11:22 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.

[ System Events ]
Error - 26.09.2010 11:33:33 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume "C:" konnte nicht hinzugefügt werden.

Error - 26.09.2010 11:34:56 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume "C:" konnte nicht hinzugefügt werden.

Error - 26.09.2010 11:34:57 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume "C:" konnte nicht hinzugefügt werden.

Error - 26.09.2010 11:36:07 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume "C:" konnte nicht hinzugefügt werden.

Error - 26.09.2010 11:40:05 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume "C:" konnte nicht hinzugefügt werden.

Error - 26.09.2010 11:51:34 | Computer Name = COMPUTER | Source = VolSnap | ID = 393238
Description = Das angegebene Vergleichsbereichsvolume für Schattenkopien auf Volume "C:" konnte nicht hinzugefügt werden.

Error - 26.09.2010 12:53:29 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 26.09.2010 15:16:27 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 26.09.2010 15:45:58 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 27.09.2010 01:40:42 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NMSAccessU" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

[ TuneUp Events ]
Error - 04.09.2010 11:24:34 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-04 17:24:34', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\web'n'walk manager.exe','1616',0)

Error - 04.09.2010 16:02:23 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-04 22:02:23', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','132',0)

Error - 04.09.2010 16:07:38 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-04 22:07:38', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\web'n'walk manager.exe','2260',0)

Error - 05.09.2010 03:05:23 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "n":
syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-05 09:05:23', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','132',0) Error - 05.09.2010 07:43:27 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-05 13:43:27', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','1120',0) Error - 05.09.2010 09:05:26 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-05 15:05:26', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','1568',0) Error - 06.09.2010 02:57:05 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-06 08:57:05', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','1024',0) Error - 07.09.2010 04:08:44 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-07 10:08:44', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','1184',0) Error - 07.09.2010 08:04:19 | Computer Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-07 14:04:19', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','1100',0) Error - 07.09.2010 08:19:35 | Computer 
Name = COMPUTER | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "n": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-09-07 14:19:34', '\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\gtdetectsc.exe','728',0) < End of report > |
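The TuneUp Program Statistics errors in the log above are not a malware symptom, but they are worth a second look: the program path contains apostrophes (`web'n'walk manager`), and the statement text in the event shows that path pasted straight into the INSERT, so the first apostrophe ends the string literal early and the parser trips over the following `n` (`near "n": syntax error`). The example below is added here and is not from the thread or from TuneUp: it rebuilds that INSERT once by string concatenation and once with bound parameters against an in-memory SQLite table (the error text has SQLite's format, which is why sqlite3 is used; the table definition and the crafted process name are my assumptions, only the path is from the log).

```python
import sqlite3

# Path copied from the TuneUp errors in the log above; the apostrophes are what break the statement.
EXE_PATH = r"\device\harddiskvolume2\programme\t-mobile\web'n'walk manager\web'n'walk manager.exe"

# Constructed name (assumption, not from the log). With concatenation, the quote closes the Exe
# literal, the rest of the string finishes the first row and opens a second, attacker-chosen row.
CRAFTED_NAME = "evil.exe','4242',1),('2010-09-04 17:24:34','second.exe"


def fresh_db():
    """In-memory table shaped like the INSERT in the log (column types are an assumption)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE ActiveApps (Started TEXT, Exe TEXT, ProcID TEXT, Resumed INTEGER)"
    )
    return con


def insert_concatenated(con, started, exe, pid):
    """The statement built the way the log shows it: values pasted into the SQL text."""
    sql = (
        "INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) "
        "VALUES ('%s', '%s','%s',0)" % (started, exe, pid)
    )
    con.execute(sql)


def insert_parameterized(con, started, exe, pid):
    """Same insert with bound parameters; the values are never parsed as SQL."""
    con.execute(
        "INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES (?, ?, ?, 0)",
        (started, exe, pid),
    )


def run_demo():
    """Returns what each variant does with the real path and with the crafted name."""
    out = {}
    con = fresh_db()

    # 1. Concatenation with the web'n'walk path reproduces the error from the event log.
    try:
        insert_concatenated(con, "2010-09-04 17:24:34", EXE_PATH, "1616")
        out["concat_path"] = "inserted"
    except sqlite3.OperationalError as err:
        out["concat_path"] = str(err)

    # 2. Concatenation with the crafted name succeeds, but the rows stored are not the
    #    row the program meant to write: ProcID and Resumed come from the process name.
    insert_concatenated(con, "2010-09-04 17:24:34", CRAFTED_NAME, "1616")
    out["concat_crafted"] = con.execute(
        "SELECT Exe, ProcID, Resumed FROM ActiveApps ORDER BY rowid"
    ).fetchall()

    # 3. Parameterized inserts store both strings verbatim, one row each.
    con.execute("DELETE FROM ActiveApps")
    insert_parameterized(con, "2010-09-04 17:24:34", EXE_PATH, "1616")
    insert_parameterized(con, "2010-09-04 17:24:34", CRAFTED_NAME, "1616")
    out["param_rows"] = con.execute(
        "SELECT Exe, ProcID, Resumed FROM ActiveApps ORDER BY rowid"
    ).fetchall()
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

Whether anything worse than a failed INSERT is reachable on a real machine depends on who can choose process names that this service records; the point is the pattern, and the fix is the same either way: bind values, never splice them into the statement text.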
27.09.2010, 15:22 | #5
/// Malware-holic

Toolbars: toolbars should be uninstalled. They slow the browser down, are an additional security risk and can spy on user data. Uninstall: SnagIt toolbar.

Ad-Aware and Avira should not run together on one system; please uninstall Ad-Aware.

You are using a beta of Firefox, why? Go to the official site and get the latest version; uninstall the beta.

Programs like TuneUp are, to put it carefully, neither useful nor necessary; they can even damage the PC: TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de. Please uninstall it, nobody needs that.

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\B.tmp File not found
O3 - HKU\S-1-5-21-117609710-152049171-725345543-1003\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found
O4 - HKLM..\Run: [M1000Mnt] File not found
O4 - HKU\S-1-5-21-117609710-152049171-725345543-1003..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Igortu\ohon.exe File not found
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it.

Download Malwarebytes: Malwarebytes
Install it, open it, Update tab, update the program. Close all running programs, disconnect the internet connection. Scanner tab, full scan, remove the findings, post the log.
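The OTL script above removes the entries OTL marked "File not found", i.e. autostart and service registrations whose target no longer exists on disk. What singles out the `{C511FC26-...}` line among them is the combination: a Run value named as a bare GUID rather than a product name, a target under the user's Anwendungsdaten (Application Data) directory, and a missing file. The example below is added here and is not part of the thread or of OTL's own logic: a small triage that scores each Run/SRV/DRV line on exactly those properties. The sample lines are the ones quoted in the script; the benign `avgnt` Run entry is a constructed control (not from the thread), and the weights are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the lines quoted in the OTL fix script above, plus one benign
# HKLM Run entry (assumption, not from the thread) as a control.
SAMPLE_OTL = r"""
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\B.tmp File not found
O4 - HKLM..\Run: [M1000Mnt] File not found
O4 - HKU\S-1-5-21-117609710-152049171-725345543-1003..\Run: [{C511FC26-AFDE-CF6A-99AC-0F4C6EB59608}] C:\Dokumente und Einstellungen\Username \Anwendungsdaten\Igortu\ohon.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<rest>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# German (XP) and English names of the per-user data directories malware likes to drop into.
PROFILE_DIR_RE = re.compile(
    r"\\(Anwendungsdaten|Application Data|AppData|Lokale Einstellungen|Local Settings)\\", re.I)


@dataclass
class Finding:
    kind: str          # "Run", "SRV" or "DRV"
    name: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)


def _split_rest(rest):
    """Separate the target path from OTL's 'File not found' marker and the '(Publisher)' tag."""
    rest = rest.strip()
    orphan = rest.endswith("File not found")
    if orphan:
        rest = rest[: -len("File not found")].strip()
    rest = re.sub(r"\s*\([^()]*\)$", "", rest)
    return rest, orphan


def triage_line(line):
    """Score one OTL autorun/service line; returns None for lines of other types."""
    m = RUN_RE.match(line)
    kind = "Run"
    if not m:
        m = SVC_RE.match(line)
        if not m:
            return None
        kind = m.group("kind")
    path, orphan = _split_rest(m.group("rest"))
    f = Finding(kind, m.group("name"), path)
    if orphan:
        f.score += 1
        f.reasons.append("target file missing: stale entry, or payload already removed")
    if GUID_RE.match(f.name):
        f.score += 2
        f.reasons.append("value name is a bare GUID (no product name)")
    if PROFILE_DIR_RE.search(path):
        f.score += 2
        f.reasons.append("runs from a user-writable profile directory")
    if kind == "DRV" and path.lower().endswith(".tmp"):
        f.score += 1
        f.reasons.append("kernel driver registered from a .tmp file (check who created it)")
    if kind == "Run" and m.group("hive").startswith("HKU"):
        f.reasons.append("per-user persistence (HKU)")
    return f


def triage(text):
    """All findings in an OTL extract, most suspicious first."""
    findings = [f for f in map(triage_line, text.splitlines()) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.score} {f.kind:<4} {f.name!r} {f.path}")
        for r in f.reasons:
            print("     -", r)
```

The "File not found" lines get only one point on purpose: an orphaned entry is as often the residue of a clean uninstall as of a removed payload, and a driver registered from a `.tmp` file is also what some on-demand scanners leave behind, so those are prompts to check, not verdicts. The score exists to order the list; the reasons are what a reader should act on.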
27.09.2010, 15:34 | #6

Thanks a lot for the quick help!

After the restart there was no text document. Could that be because I ran OTL from a folder that I first had to unlock again with TrueCrypt after the restart?

On Firefox: I used the beta a long time ago, but by now I use the normal version (currently 3.6.10). Why it still shows the beta is a mystery to me.

On the SnagIt toolbar: why that is installed is also a mystery to me; if anything, it must have happened automatically while installing the program, I always click the offer to install toolbars away!

On TuneUp: so far I have used it to recover accidentally deleted files..

Copy OTL to C:\, run it, restart, post the log?

I already had Malwarebytes installed (completely forgot, sorry..), should I let it run first now?
27.09.2010, 15:37 | #7
/// Malware-holic

Run Malwarebytes. Have a look in c:\_OTL\moved files, there is a log file named with today's date.

Yes, if you need that you can install TuneUp, or there are other programs for data recovery, but I would take it off.
27.09.2010, 15:40 | #8

No log file in that folder either.. so Malwarebytes first!
27.09.2010, 16:14 | #9

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

27.09.2010 17:13:52
mbam-log-2010-09-27 (17-13-52).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 294233
Time elapsed: 25 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
27.09.2010, 16:44 | #10
/// Malware-holic

OK, and now let's try again after updating; it will probably take two runs: once for the version update, once for the database. So: Update tab, and off you go :-)
27.09.2010, 17:00 | #11

The update function only ever reports: Error Code: 732 (0, 0) and does not update.. Oh well, then I'll just download the new version manually..
27.09.2010, 17:03 | #12
/// Malware-holic

And then apply the manual database update: http://data.mbamupdates.com/tools/mbam-rules.exe
27.09.2010, 18:08 | #13

Good things take time...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

27.09.2010 19:07:47
mbam-log-2010-09-27 (19-07-47).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 309203
Time elapsed: 27 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\Valentin ***\Stan_comp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
F:\Downloads\Abirechner.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Spiele\Wing Commander Secret Ops\Stan_comp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\D.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by cosinus (07.08.2012 at 11:41) Reason: surname redacted
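The two Malwarebytes logs in this thread (posts #9 and #13) share one format, so one parser covers both. The two registry data items from the first run deserve more attention than their count suggests: `AntiVirusDisableNotify` and `UpdatesDisableNotify` set to 1 under `HKLM\SOFTWARE\Microsoft\Security Center` switch off the Windows XP Security Center warnings about a disabled antivirus and missing updates, a common tampering by malware that does not want the user alerted, which is why Malwarebytes reports them as `Disabled.SecurityCenter` with Bad (1) / Good (0). The example below is added here and is not from the thread or from Malwarebytes: it parses the detection sections, counts findings per category, pulls out the Security Center tampering, and reports a filename found at more than one location (as `Stan_comp.exe` was). The sample is constructed from the two logs above; the section headers are matched in both the English wording used here and the German "Infizierte ..." form the original logs used.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample assembled from the two Malwarebytes logs in this thread (posts #9 and #13);
# the summary block and the sections without findings are left out.
SAMPLE_MBAM = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Dokumente und Einstellungen\Valentin ***\Stan_comp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
F:\Downloads\Abirechner.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Spiele\Wing Commander Secret Ops\Stan_comp.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\D.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Files Infected:" (English) or "Infizierte Dateien:" (German); the summary lines with a
# trailing count ("Files Infected: 4") deliberately do not match.
SECTION_RE = re.compile(r"^(?:Infizierte (?P<de>.+?)|(?P<en>.+?) Infected):$")
# "<item> (<Category>) -> <action>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<category>[A-Za-z][\w.]*)\) -> (?P<action>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_mbam(text):
    """One dict per detection: section, item, category, action."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("en") or m.group("de")
            continue
        if not line or line.startswith("("):   # blank or "(No malicious items detected)"
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return entries


def by_category(entries):
    """Counter of Malwarebytes categories, e.g. Trojan.Agent, Spyware.Passwords."""
    return Counter(e["category"] for e in entries)


def security_center_tampering(entries):
    """Security Center value names whose 'Bad' value was 1 (warnings suppressed)."""
    hits = []
    for e in entries:
        if e["category"] != "Disabled.SecurityCenter":
            continue
        m = BAD_GOOD_RE.search(e["action"])
        if m and m.group("bad") == "1":
            hits.append(ntpath.basename(e["item"]))
    return hits


def repeated_basenames(entries):
    """File names detected at more than one path (same dropper placed in several places)."""
    seen = defaultdict(list)
    for e in entries:
        if e["section"].lower().startswith(("files", "dateien")):
            seen[ntpath.basename(e["item"]).lower()].append(e["item"])
    return {name: paths for name, paths in seen.items() if len(paths) > 1}


def not_remediated(entries):
    """Items whose action line does not report success; these need a second look."""
    return [e["item"] for e in entries if "successfully" not in e["action"]]


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_MBAM)
    print("per category:", dict(by_category(found)))
    print("security center tampering:", security_center_tampering(found))
    print("repeated file names:", repeated_basenames(found))
    print("not remediated:", not_remediated(found))
```

Two caveats a practitioner would add. "Quarantined and deleted successfully" for the two Security Center values means the values were reset, not that whatever set them is gone; the later full scan after the database update found four more files, which is the usual reason helpers insist on updating before trusting a clean result. And a file-only detection list says nothing about what ran: the OTL log earlier in the thread is where the persistence (the `ohon.exe` Run entry) shows up.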