Log analysis and evaluation: Address redirects, virus scanners not working
09.10.2010, 16:46 | #1
Address redirects, virus scanners not working

Hi folks, it looks like I've caught something. As a rule I never download anything from dubious sources, so I'm quite confused. I suspect a Flash update, but whatever, I hope you can help me.

Symptoms:
- Google results are redirected to other sites
- Virus scanners find nothing and won't update either (supposedly there is no internet connection, which of course isn't the case)
- Via the program zattoo (TV via web), pages with fake scans of the hard drive are opened - scareware

Attached is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:55, on 09.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
C:\Programme\EeePC\ACPI\AsEPCMon.exe
C:\Programme\EeePC\ACPI\AsTray.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\T-Mobile Internet Manager 03\UIExec.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
D:\Programme\Greenshot\Greenshot.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\iPod\bin\iPodService.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Eigene Dateien\Downloads\OTL.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UIExec] "C:\Programme\T-Mobile Internet Manager 03\UIExec.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\xxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Greenshot.lnk = D:\Programme\Greenshot\Greenshot.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: UI Assistant Service - Unknown owner - C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe

--
End of file - 10270 bytes
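As an added example (not code from this thread, HijackThis or OTL), here is a small Python triage script for the "Oxx" entry lines both tools produce. It flags the settings behind typical search-result redirects: hosts file mappings, the DNS servers in O17, explicit proxies, AppInit_DLLs, BHOs with no backing file and autoruns from user-writable directories. The sample log mixes lines from the log above with two constructed test lines; 203.0.113.x addresses are a documentation range, not indicators.

```python
"""Triage helper for HijackThis / OTL "Oxx" log entries.

Added example for this thread, not part of HijackThis, OTL or the forum's own
tooling. It flags the settings that most often explain search-result
redirects: hosts mappings, DNS servers, proxies, AppInit_DLLs, BHOs without a
backing file and autoruns from user-writable paths. Severity is a reading aid.
"""
import ipaddress
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Ranges a home router or loopback resolver would live in.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
# Path fragments (English and German XP names) writable without admin rights.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\anwendungsdaten\\")

# Constructed sample: lines copied from the logs in this thread plus two test
# lines (203.0.113.x is a documentation range, not a real indicator).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 www.example.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{placeholder-guid}: NameServer = 203.0.113.53
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""


@dataclass
class Finding:
    code: str       # entry type, e.g. "O17"
    severity: str   # "info" | "review" | "suspicious"
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (code, body, raw_line) for each entry line; skip header noise."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def is_local(ip):
    """True if the address lies in RFC 1918, loopback or link-local space."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def triage(log_text):
    """Return Findings for entries an analyst should look at, in log order."""
    findings = []
    for code, body, raw in parse_entries(log_text):
        low = body.lower()
        hit = None
        if code == "O1" and low.startswith("hosts:"):
            parts = body.split()   # ["Hosts:", "<ip>", "<name>", ...]
            if len(parts) >= 3 and parts[2].lower() != "localhost":
                hit = ("suspicious", "hosts file maps a non-local name")
        elif code == "O2" and ("(no file)" in low or "no clsid value found" in low):
            hit = ("review", "BHO registered without a backing file")
        elif code == "O4" and any(p in low for p in USER_WRITABLE):
            hit = ("review", "autorun launched from a user-writable directory")
        elif code == "R1" and "proxyserver" in low:
            hit = ("review", "explicit proxy configured in Internet Settings")
        elif code == "O17" and "nameserver" in low:
            ips = IPV4_RE.findall(body)
            if ips and all(is_local(ip) for ip in ips):
                hit = ("info", "DNS servers are on the local network")
            else:
                hit = ("review", "DNS server outside the local network")
        elif code == "O20" and "appinit_dlls" in low:
            hit = ("review", "AppInit_DLLs loads a DLL into every process using user32.dll")
        if hit:
            findings.append(Finding(code, hit[0], hit[1], raw))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'suspicious': 1, 'review': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>10}] {f.code}: {f.reason}\n             {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Feed it the text of a real OTL.Txt or HijackThis log instead of SAMPLE_LOG; an empty result only means none of these six entry types looked odd, not that the system is clean.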
09.10.2010, 17:03 | #2
Malware-holic | Address redirects, virus scanners not working

OTL:

System scan with OTL

Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Check "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy the following into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both.
09.10.2010, 17:48 | #3
Address redirects, virus scanners not working

Hi,
here are the contents of the files.

otl.txt

OTL Logfile:
OTL logfile created on: 09.10.2010 18:30:54 - Run 4
OTL by OldTimer - Version 3.2.14.1     Folder = D:\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 50,70 Gb Free Space | 70,36% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 38,86 Gb Free Space | 53,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EEEPC
Current User Name: xxxxxxxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\xxxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - D:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe ()
PRC - C:\Programme\T-Mobile Internet Manager 03\UIExec.exe ()
PRC - C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - D:\Programme\Greenshot\Greenshot.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

========== Modules (SafeList) ==========

MOD - D:\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoogleDesktopManager-093009-130223) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UI Assistant Service) -- C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SSPORT) -- C:\WINDOWS\System32\Drivers\SSPORT.sys File not found
DRV - (hwdatacard) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- C:\WINDOWS\System32\drivers\btaudio.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695312464-1671728247-3960944336-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global
IE - HKU\S-1-5-21-3695312464-1671728247-3960944336-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695312464-1671728247-3960944336-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\T-Mobile Internet Manager 03\addon [2010.05.28 21:50:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.10.09 16:38:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.10.09 16:39:00 | 000,000,000 | ---D | M]

[2009.03.05 23:01:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Mozilla\Extensions
[2010.10.09 17:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\6qm7s989.default\extensions
[2010.05.30 18:22:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\6qm7s989.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.30 18:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\6qm7s989.default\extensions\firebug@software.joehewitt.com

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3695312464-1671728247-3960944336-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UIExec] C:\Programme\T-Mobile Internet Manager 03\UIExec.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\xxxxxxxxxx\Startmenü\Programme\Autostart\Greenshot.lnk = D:\Programme\Greenshot\Greenshot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3695312464-1671728247-3960944336-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3695312464-1671728247-3960944336-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695312464-1671728247-3960944336-1006\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.13 21:41:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.03.06 10:49:26 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3082a108-5bfd-11df-9c2d-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{3082a108-5bfd-11df-9c2d-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3082a108-5bfd-11df-9c2d-00261882cb67}\Shell\AutoRun\command - "" = E:\Install.exe -- File not found
O33 - MountPoints2\{42b6175d-4005-11de-bdd2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{42b6175d-4005-11de-bdd2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42b6175d-4005-11de-bdd2-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{6a89716a-efec-11de-9bdd-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{6a89716a-efec-11de-9bdd-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a89716a-efec-11de-9bdd-00261882cb67}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{6a89716b-efec-11de-9bdd-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{6a89716b-efec-11de-9bdd-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a89716b-efec-11de-9bdd-00261882cb67}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{a54797ca-0891-11de-9bf2-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{a54797ca-0891-11de-9bf2-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a54797ca-0891-11de-9bf2-00261882cb67}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{ba0845da-fed9-11de-9be1-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{ba0845da-fed9-11de-9be1-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba0845da-fed9-11de-9be1-00261882cb67}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{ba0845db-fed9-11de-9be1-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{ba0845db-fed9-11de-9be1-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba0845db-fed9-11de-9be1-00261882cb67}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe -- File not found
O33 - MountPoints2\{cc931afc-7c99-11df-9c19-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{cc931afc-7c99-11df-9c19-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc931afc-7c99-11df-9c19-00261882cb67}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{cc931afe-7c99-11df-9c19-00261882cb67}\Shell - "" = AutoRun
O33 - MountPoints2\{cc931afe-7c99-11df-9c19-00261882cb67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cc931afe-7c99-11df-9c19-00261882cb67}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008.04.14 08:53:06 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.09 17:19:00 | 000,000,000 | ---D | C] -- C:\b4251fe32b44a7235cb82b8c70
[2010.10.09 17:16:08 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.10.09 17:01:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.10.09 17:01:33 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\Simply Super Software
[2010.10.09 17:01:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010.10.09 17:01:07 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.10.09 17:01:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Simply Super Software
[2010.10.09 17:01:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2010.10.09 16:54:26 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.10.09 16:40:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.10.09 16:37:52 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.09 16:36:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.10.09 16:17:45 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.10.09 16:17:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.10.09 16:12:33 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.10.09 16:04:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.09.29 21:23:59 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.26 11:14:54 | 000,000,000 | ---D | C] -- C:\Programme\Garmin GPS Plugin
[2010.09.20 22:23:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\design
[2010.09.20 22:22:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\b2blichtlieferant(2)
[2010.09.20 22:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\b2blichtlieferant
[2010.09.19 20:21:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\Desktop
[2010.09.18 18:28:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.09.18 18:28:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.09.18 18:28:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.09.18 18:28:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.09.18 18:28:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.09 18:05:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.09 17:42:00 | 000,001,216 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3695312464-1671728247-3960944336-1006UA.job
[2010.10.09 17:27:06 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.09 17:26:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.09 17:26:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.09 17:25:57 | 003,932,160 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\ntuser.dat
[2010.10.09 17:25:45 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\ntuser.ini
[2010.10.09 17:24:26 | 001,073,172 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.09 17:24:26 | 000,477,068 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.09 17:24:26 | 000,456,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.09 17:24:26 | 000,092,608 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.09 17:24:26 | 000,077,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.09 17:23:52 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\defogger_reenable
[2010.10.09 17:16:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.10.09 17:01:20 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk
[2010.10.09 16:54:26 | 000,001,988 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\HiJackThis.lnk
[2010.10.09 16:46:36 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.10.09 16:18:05 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.09 16:18:02 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.10.09 16:09:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.08 21:46:35 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.09.28 22:31:39 | 000,001,891 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\filter.phtml
[2010.09.25 18:57:52 | 000,047,652 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\_1557073893166222192_Legende-und-Wahrheit.gpx
[2010.09.25 18:49:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.09.25 18:49:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.09 17:23:24 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\defogger_reenable
[2010.10.09 17:01:20 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk
[2010.10.09 17:01:10 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010.10.09 17:01:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010.10.09 17:01:10 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010.10.09 17:01:09 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010.10.09 16:54:26 | 000,001,988 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\HiJackThis.lnk
[2010.10.09 16:46:36 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.10.09 16:18:02 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.09.28 22:31:39 | 000,001,891 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\filter.phtml
[2010.09.25 18:58:03 | 000,047,652 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Desktop\_1557073893166222192_Legende-und-Wahrheit.gpx
[2010.09.25 18:49:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.09.25 18:49:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2010.09.04 20:31:15 | 000,010,449 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\SmarThruOptions.xml
[2010.09.04 20:30:57 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2010.09.04 20:30:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2010.09.04 20:30:51 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2010.05.16 18:05:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.03.14 22:19:27 | 000,000,161 | ---- | C] () -- C:\Programme\INSTALL.LOG
[2010.03.14 16:00:11 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.01.29 14:29:03 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009.12.27 20:47:01 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.12.27 20:47:01 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.12.19 18:41:17 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.11.29 02:29:48 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2009.10.30 04:03:59 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.10.29 22:39:39 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.26 04:45:00 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sx450sl3.dll
[2009.09.14 23:24:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2009.09.14 23:24:10 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2009.09.14 23:24:10 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2009.09.14 23:24:08 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2009.09.14 23:24:08 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2009.05.14 00:37:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.05.13 23:30:25 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009.05.13 22:31:07 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009.05.13 22:31:07 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009.05.13 22:17:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009.05.13 21:29:39 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010.10.09 16:17:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.01.29 10:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.10.09 16:36:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.03.14 22:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Quest Software
[2010.03.20 16:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2010.10.09 17:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2009.12.01 22:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sync App Settings
[2010.10.09 17:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.05.13 22:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wireless LAN Card
[2010.06.21 15:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.09 11:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.02.10 21:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Bullzip
[2010.01.29 11:04:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\DAEMON Tools Lite
[2010.10.09 16:34:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\FileZilla
[2010.03.08 13:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Greenshot
[2010.06.20 20:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\HCM Updater
[2009.11.26 19:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\IrfanView
[2009.02.07 01:50:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\OpenOffice.org
[2010.05.28 21:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Programme
[2010.03.14 22:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Quest Software
[2010.10.09 17:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Simply Super Software
[2010.09.04 20:31:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\SmarThru4
[2009.12.14 00:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Sync App Settings
[2009.02.06 16:23:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\uTorrent
[2010.10.09 16:18:02 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.01.29 14:38:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Adobe
[2010.03.09 20:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Apple Computer
[2009.02.10 21:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Bullzip
[2010.01.29 11:04:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\DAEMON Tools Lite
[2010.10.09 16:34:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\FileZilla
[2009.02.26 16:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Google
[2010.03.08 13:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Greenshot
[2010.06.20 20:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\HCM Updater
[2009.05.13 21:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Identities
[2009.05.13 22:28:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\InstallShield
[2009.11.26 19:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\IrfanView
[2009.10.29 22:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Macromedia
[2010.10.09 16:54:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Microsoft
[2010.04.11 21:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\mIRC
[2009.03.05 23:01:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Mozilla
[2009.02.07 01:50:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\OpenOffice.org
[2010.05.28 21:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Programme
[2010.03.14 22:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Quest Software
[2010.10.09 17:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Simply Super Software
[2010.10.05 23:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Skype
[2010.10.04 20:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\skypePM
[2010.09.04 20:31:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\SmarThru4
[2009.10.31 11:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Sun
[2009.12.14 00:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Sync App Settings
[2009.02.06 16:23:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\uTorrent
[2010.01.29 12:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\WinRAR

< %APPDATA%\*.exe /s >
[2010.10.09 16:54:27 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.07.05 14:30:36 | 003,687,344 | ---- | M] (Simply Super Software) -- C:\Dokumente und Einstellungen\xxxxxxxxxx\Anwendungsdaten\Simply Super Software\Trojan Remover\fkv122.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IASTOR.SYS >
[2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS
[2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys
[2008.09.12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.05.13 23:35:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.05.13 23:35:23 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.05.13 23:35:23 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 14:00:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

extras.txt OTL Logfile:

Code:
OTL Extras logfile created on: 09.10.2010 18:30:54 - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = D:\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 50,70 Gb Free Space | 70,36% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 38,86 Gb Free Space | 53,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EEEPC
Current User Name: xxxxxxxxxx
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3695312464-1671728247-3960944336-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1496:TCP" = 1496:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"D:\Programme\Zattoo\zattood.exe" = D:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"D:\Programme\Altitude\altitude.exe" = D:\Programme\Altitude\altitude.exe:*:Enabled:altitude -- ()
"D:\Programme\NetBeans 6.8\bin\netbeans.exe" = D:\Programme\NetBeans 6.8\bin\netbeans.exe:*:Enabled:netbeans -- ()
"D:\xampp\apache\bin\httpd.exe" = D:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"D:\xampp\mysql\bin\mysqld.exe" = D:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"D:\Programme\mIRC\mirc.exe" = D:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Programme\Aptana\Aptana Studio 2.0\AptanaStudio.exe" = D:\Programme\Aptana\Aptana Studio 2.0\AptanaStudio.exe:*:Enabled:AptanaStudio -- ()
"D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{879D5454-1A5E-4F3F-8DCC-69FBE95D0647}" = Adobe Setup
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Internet Manager 03
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B2974D26-9080-4FA4-B344-DA2D314F41DC}" = Vodafone Mobile Connect Lite Runtime Components
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFA368B3-59C8-4EF5-83A0-39DF46588030}" = Adobe Creative Suite 3 Web Premium "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7AA860E-F538-440B-AA66-ECA15D97A535}" = Quest Software Toad for MySQL Freeware 4.6 "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra 
Settings "4578-0181-0549-1546" = Altitude 1.0.0 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_b0efd5c6e27241b2a2a88dbddd25245" = Adobe Creative Suite 3 Web Premium hinzufügen oder entfernen "Akamai" = Akamai NetSession Interface "Allway Sync_is1" = Allway Sync version 9.4.11 "Aptana Studio 2.0" = Aptana Studio 2.0 "Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463 "Crimson Editor" = Crimson Editor (remove only) "Eee Docking_is1" = Eee Docking 1.3.1.0 "EeePC1005HA" = EeePC1005HA Screen Saver "FileZilla Client" = FileZilla Client 3.3.2 "Google Desktop" = Google Desktop "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70 "Greenshot_is1" = Greenshot "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "RealVNC_is1" = VNC Free Edition 4.1.3 "Samsung SCX-4500 Series" = Samsung SCX-4500 Series "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trojan Remover_is1" = Trojan Remover 6.8.2 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode 
Driver Framework Feature Pack 1.0 "XMind" = XMind "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3695312464-1671728247-3960944336-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.06.2010 14:21:08 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 22.06.2010 14:21:08 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2203 Error - 22.06.2010 14:21:08 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2203 Error - 26.06.2010 03:45:29 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.06.2010 03:45:29 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 140365953 Error - 26.06.2010 03:45:29 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 140365953 Error - 07.07.2010 17:38:57 | Computer Name = EEEPC | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung netbeans.exe, Version 0.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 17.07.2010 05:30:59 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.07.2010 05:30:59 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 28422047 Error - 17.07.2010 05:30:59 | Computer Name = EEEPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 28422047 [ OSession Events ] Error - 05.08.2010 16:50:18 | Computer Name = EEEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1257 seconds with 840 seconds of active time. This session ended with a crash. Error - 05.08.2010 16:50:37 | Computer Name = EEEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.08.2010 16:51:37 | Computer Name = EEEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 54 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.08.2010 16:53:41 | Computer Name = EEEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 101 seconds with 60 seconds of active time. This session ended with a crash. 
Error - 05.08.2010 17:26:29 | Computer Name = EEEPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 878 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 09.10.2010 10:40:30 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.10.2010 11:24:22 | Computer Name = EEEPC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706be fehlgeschlagen: Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241) Error - 09.10.2010 11:24:22 | Computer Name = EEEPC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows XP (KB982802) Error - 09.10.2010 11:24:22 | Computer Name = EEEPC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2121546) Error - 09.10.2010 11:24:22 | Computer Name = EEEPC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473) Error - 09.10.2010 11:24:22 | Computer Name = EEEPC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2347290) Error - 
09.10.2010 11:24:22 | Computer Name = EEEPC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows XP (KB975558) Error - 09.10.2010 11:24:22 | Computer Name = EEEPC | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2259922) Error - 09.10.2010 11:27:03 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 09.10.2010 11:27:03 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > [/QUOTE] Danke!!!! c509 |
09.10.2010, 17:52 | #4 |
/// Malware-holic | Address redirects, virus scanners don't work Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
09.10.2010, 19:56 | #5 |
| Address redirects, virus scanners don't work Hi, this took a while. I first had to rename ComboFix so it would start; it took a while to figure that out. ComboFix logfile:
ComboFix 10-10-09.01 - xxxxxx 09.10.2010 20:31:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2039.1681 [GMT 2:00]
Running from: c:\dokumente und einstellungen\xxxxxx\Desktop\erjepr.exe
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokume~1\xxxxxx\LOKALE~1\Temp\install_flash_player.exe
c:\programme\INSTALL.LOG
c:\windows\system32\Thumbs.db
D:\Autorun.inf
Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
(((((((((((((((((((((((   Files Created from 2010-09-09 to 2010-10-09   ))))))))))))))))))))))))))))))
.
2010-10-09 15:19 . 2010-10-09 15:24 -------- d-----w- C:\b4251fe32b44a7235cb82b8c70
2010-09-26 09:14 . 2010-10-09 14:36 -------- d-----w- c:\programme\Garmin GPS Plugin
2010-09-18 16:28 . 2010-09-18 16:28 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 18:45 . 2010-01-30 09:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Akamai
2010-10-09 15:27 . 2009-03-05 21:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
2010-10-09 15:24 . 2009-05-13 19:29 92608 ----a-w- c:\windows\system32\perfc007.dat
2010-10-09 15:24 . 2009-05-13 19:29 477068 ----a-w- c:\windows\system32\perfh007.dat
2010-10-09 15:16 . 2010-10-09 15:16 -------- d-----w- c:\programme\MSXML 4.0
2010-10-09 15:01 . 2010-10-09 15:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-10-09 14:54 . 2010-10-09 14:54 -------- d-----w- c:\programme\Trend Micro
2010-10-09 14:45 . 2009-10-29 20:12 -------- d-----w- c:\programme\Google
2010-10-09 14:40 . 2010-10-09 14:12 -------- d-----w- c:\programme\Microsoft Security Essentials
2010-10-09 14:38 . 2010-01-29 12:30 -------- d-----w- c:\programme\QuickTime
2010-10-09 14:37 . 2010-10-09 14:37 -------- d-----w- c:\programme\iPod
2010-10-09 14:37 . 2010-09-08 21:29 -------- d-----w- c:\programme\iPod(2)
2010-10-09 14:37 . 2010-03-09 09:41 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-10-09 14:36 . 2010-10-09 14:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2010-10-09 14:34 . 2009-12-19 13:51 -------- d-----w- c:\dokumente und einstellungen\xxxxxx\Anwendungsdaten\FileZilla
2010-10-09 14:17 . 2010-10-09 14:17 -------- d-----w- c:\programme\Alwil Software
2010-10-09 14:17 . 2010-10-09 14:17 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Alwil Software
2010-10-05 21:09 . 2009-10-29 20:05 -------- d-----w- c:\dokumente und einstellungen\xxxxxx\Anwendungsdaten\Skype
2010-10-04 18:08 . 2009-11-29 00:29 -------- d-----w- c:\dokumente und einstellungen\xxxxxx\Anwendungsdaten\skypePM
2010-09-25 16:49 . 2010-09-25 16:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-25 16:49 . 2010-09-25 16:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01009.Wdf
2010-09-18 16:28 . 2009-10-31 09:39 -------- d-----w- c:\programme\Java
2010-09-04 18:38 . 2010-09-04 18:38 -------- d-----w- c:\programme\Samsung
2010-09-04 18:31 . 2010-09-04 18:31 -------- d-----w- c:\dokumente und einstellungen\xxxxxx\Anwendungsdaten\SmarThru4
2010-09-04 18:31 . 2010-09-04 18:30 -------- d-----w- c:\programme\SmarThru 4
2010-09-04 18:30 . 2010-09-04 18:30 -------- d-----w- c:\programme\Gemeinsame Dateien\SRC Shared
2010-09-04 18:30 . 2010-09-04 18:30 -------- d-----w- c:\programme\Readiris10
2010-09-04 18:30 . 2009-05-13 20:26 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-08-17 13:17 . 2009-05-13 19:29 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 23:31 . 2010-08-14 23:31 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-27 17:30 . 2010-07-26 16:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-22 15:48 . 2009-05-13 19:29 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 19:26 . 2009-02-06 23:51 1 ----a-w- c:\dokumente und einstellungen\xxxxxx\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-17 10:14 . 2010-07-17 10:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\dokumente und einstellungen\xxxxxx\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\programme\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-29 30192]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"UIExec"="c:\programme\T-Mobile Internet Manager 03\UIExec.exe" [2009-03-30 132608]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\xxxxxx\Startmenü\Programme\Autostart\
Greenshot.lnk - d:\programme\Greenshot\Greenshot.exe [2010-3-8 528384]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
SuperHybridEngine.lnk - c:\programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-13 376832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Programme\\Zattoo\\zattood.exe"=
"d:\\Programme\\Altitude\\altitude.exe"=
"d:\\Programme\\NetBeans 6.8\\bin\\netbeans.exe"=
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Programme\\mIRC\\mirc.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Programme\\Aptana\\Aptana Studio 2.0\\AptanaStudio.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [13.05.2009 21:29 14336]
R2 UI Assistant Service;UI Assistant Service;c:\programme\T-Mobile Internet Manager 03\AssistantServices.exe [28.05.2010 21:50 241664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.04.2009 03:59 38912]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [26.02.2009 16:53 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.05.2009 22:26 1684736]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [29.10.2009 22:12 30192]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [28.05.2010 21:51 7680]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [09.03.2010 11:42 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [13.05.2009 23:30 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28.04.2009 07:47 39040]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.01.2010 10:25 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-26 14:52]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-26 14:52]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695312464-1671728247-3960944336-1006Core.job
- c:\dokumente und einstellungen\xxxxxx\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-10-29 20:11]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3695312464-1671728247-3960944336-1006UA.job
- c:\dokumente und einstellungen\xxxxxx\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-10-29 20:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Als HTML speichern - c:\programme\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\programme\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\programme\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\programme\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\programme\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\programme\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\programme\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\dokumente und einstellungen\xxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\6qm7s989.default\
FF - plugin: c:\dokumente und einstellungen\xxxxxx\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-SRS Premium Sound - c:\programme\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(184)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programme\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2010-10-09 20:49:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-09 18:49

Pre-Run: 10 directories, 57.791.324.160 bytes free
Post-Run: 12 directories, 58.794.545.152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C4881C43C8EDC05CF89BD8B7A4B521F0

If I'm reading this right, my suspicion about the Flash updater was correct!?
Regards, c509 |
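Added example (editor's code, not part of the thread and not ComboFix logic): a small triage script that runs a handful of rules over lines taken from the ComboFix log above and ranks what a practitioner would look at first. The findings that matter in this log are the disinfected boot-critical driver ftdisk.sys (ComboFix's "Kitty had a snack" line means it replaced a patched system file with a clean copy), the Windows Firewall standard profile set to EnableFirewall=0, the installer deleted from the user's Temp folder, the Autorun.inf on D:, and two services (SSPORT, npggsvc) whose image ComboFix marked with [?]. The rule set, the severity ranking and the regexes are the editor's assumptions; the sample lines are copied from the log above (German messages translated) and embedded so the script runs offline.

```python
"""Triage rules for a ComboFix log excerpt.

Added example, written for this page; it is not part of the forum post and
not ComboFix code. The rules and severities below are the editor's
assumptions about what to flag first when reading such a log.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log in this thread
# (German messages translated), embedded so the script runs offline.
SAMPLE_LOG = r"""
c:\dokume~1\xxxxxx\LOKALE~1\Temp\install_flash_player.exe
c:\programme\INSTALL.LOG
c:\windows\system32\Thumbs.db
D:\Autorun.inf
Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.01.2010 10:25 691696]
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    detail: str  # the path, value or service name the rule matched on
    line: str


# (rule, severity, pattern). Assumption: a patched boot-critical driver and a
# disabled firewall outrank a stray installer or an autorun.inf, which in turn
# outrank a service whose image ComboFix could not locate ([?]).
RULES = [
    ("infected_system_file", "high",
     re.compile(r"^Infected copy of (?P<detail>\S+) was found and disinfected", re.I)),
    ("firewall_disabled", "high",
     re.compile(r'^"EnableFirewall"\s*=\s*(?P<detail>0)\b')),
    ("executable_in_temp", "medium",
     re.compile(r"^(?P<detail>.*\\temp\\[^\\]+\.(?:exe|dll|scr|com))$", re.I)),
    ("autorun_inf", "medium",
     re.compile(r"^(?P<detail>[a-z]:\\autorun\.inf)$", re.I)),
    ("service_image_unresolved", "low",
     re.compile(r"^[RS][0-4]\s+(?P<detail>[^;]+);[^;]+;.*\[\?\]$")),
]


def triage(log_text):
    """Return one Finding per log line that matches a rule (first match wins)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule, severity, pattern in RULES:
            m = pattern.search(line)
            if m:
                findings.append(Finding(rule, severity, m.group("detail"), line))
                break
    return findings


def severity_counts(findings):
    """Map severity -> number of findings, for a quick 'how bad is it' view."""
    return dict(Counter(f.severity for f in findings))


def infected_files(findings):
    """Paths of system files ComboFix reported as patched and disinfected."""
    return [f.detail for f in findings if f.rule == "infected_system_file"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:26} {f.detail}")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Reading the output against the symptoms in the first post: a patched ftdisk.sys, search-result redirects and AV updaters that claim there is no network connection are all consistent with a kernel-level infection, so the HEAD's advice applies here: treat the machine as untrusted until the follow-up scans the helper asks for come back clean, and re-enable the firewall profile afterwards.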
09.10.2010, 20:09 | #6 |
/// Malware-holic | Address redirects, virus scanners don't work It's always nice when users think for themselves :D But next time you can also just let us know when a problem comes up :-) Open My Computer, then C:, right-click on qoobox and add it to qoobox.rar or .zip, then upload the archive. File upload: http://www.trojaner-board.de/54791-a...ner-board.html |