|
Plagegeister aller Art und deren Bekämpfung: iexplorer.exe, svhost.exe und mozilla.exe greifen mich an!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.10.2010, 17:02 | #1 | |
| iexplorer.exe, svhost.exe und mozilla.exe greifen mich an! Guten Tag alle miteinander. Ich habe seit einige Tagen diverse Probleme mit meinem laptop (win7x64). Es hat damit angefangen dass der iexplorer sich nicht mehr richtig hat öffnen lassen. Erst nach mehrmaligem klicken war ein tab sichtbar (der prozess wurde trotzdem jedes mal aufs neue gestartet). Chrome ließ sich installieren aber konnte keine seite anzeigen und Mozilla zeigt das gleiche Problem wie der iexplorer. IE leitet mich seitdem auf diverse seiten von ask.com um wenn ich auf ein google ergebniss klicke. Avira hat beim ersten scan einen trojaner gefunden, ihn entfernt und seitdem ist laut avira alles in Ordnung. Norton Antvirus gestern geladen - findet bei jedem scan nur cookies - meldet alle paar minuten was in der Anhang .jpg zu sehen ist. Abwechselnd von mozilla.exe, iexplorer.exe und svhost.exe. malwarebytes log: Zitat:
Code:
ATTFilter OTL logfile created on: 18.10.2010 18:21:58 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Media\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 63,00% Memory free 16,00 Gb Paging File | 13,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,23 Gb Total Space | 261,44 Gb Free Space | 58,59% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 278,32 Gb Free Space | 59,76% Space Free | Partition Type: NTFS Computer Name: G73 | User Name: g73 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.10.18 18:03:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Downloads\OTL.exe PRC - [2010.10.11 16:03:21 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe PRC - [2010.10.03 21:19:56 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.29 07:46:48 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe PRC - [2010.09.20 21:24:40 | 000,377,200 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\MCUI32.EXE PRC - [2010.09.15 01:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.30 16:27:15 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010.01.22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010.01.22 22:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2010.01.22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.01.05 02:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.10.26 19:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (SafeList) ========== MOD - [2010.10.18 18:03:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Downloads\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 03:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll MOD - [2009.07.14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service) SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP) SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService) SRV:64bit: - [2010.08.04 03:51:20 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.08.03 01:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2010.10.03 21:19:56 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.06.09 20:59:02 | 000,395,048 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.30 16:24:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.03.30 16:24:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.03.23 16:15:58 | 000,704,760 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.22 22:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010.01.22 22:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.01.22 22:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010.01.22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2009.11.10 04:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2009.10.01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.09.21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service) SRV - [2009.09.21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.10.17 13:46:44 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2010.10.11 15:42:22 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.08.04 04:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.08.04 04:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.08.04 03:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.06 06:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symtdiv.sys -- (SYMTDIv) DRV:64bit: - [2010.04.29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\ironx64.sys -- (SymIRON) DRV:64bit: - [2010.04.22 05:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symefa64.sys -- (SymEFA) DRV:64bit: - [2010.04.22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtsp64.sys -- (SRTSP) DRV:64bit: - [2010.04.22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.04.08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.18 19:00:50 | 000,055,296 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2010.02.26 02:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\cchpx64.sys -- (ccHP) DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.01.22 22:14:36 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010.01.22 22:14:34 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010.01.22 22:14:30 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010.01.22 22:14:30 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010.01.22 21:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010.01.22 17:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2010.01.22 17:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010.01.22 17:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2009.11.24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.11.13 09:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.10.09 13:16:27 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.10.01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2009.09.21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV:64bit: - [2009.09.21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount) DRV:64bit: - [2009.09.21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV:64bit: - [2009.08.30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symds64.sys -- (SymDS) DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:06:48 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BTHPRINT.SYS -- (BTHprint) DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.07.01 06:46:57 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.07.01 06:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 06:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 06:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.05.20 12:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.04.07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.07.26 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2010.10.17 13:52:28 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101018.002\EX64.SYS -- (NAVEX15) DRV - [2010.10.17 13:52:28 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010.10.17 13:52:28 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010.10.17 13:52:28 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101018.002\ENG64.SYS -- (NAVENG) DRV - [2010.10.13 21:59:27 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101015.003\IDSviA64.sys -- (IDSVia64) DRV - [2010.10.02 00:00:02 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009.10.12 14:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.09.02 01:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/30 06:42:08] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {D255BC5D-824F-46DE-BDDE-546F6A74D818}:1.9.1 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 5555 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.19 08:25:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.06.21 18:23:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010.10.18 11:16:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.18 11:16:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.15 15:34:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.06.21 18:23:00 | 000,000,000 | ---D | M] [2010.10.15 15:34:40 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Extensions [2010.10.17 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\t09dt0l9.default\extensions [2010.10.15 15:34:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.17 13:36:34 | 000,422,499 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14565 more lines... O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.168.112.60 81.173.194.77 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{48a69a8d-5c4c-11df-bce8-1c4bd60a2ad0}\Shell - "" = AutoRun O33 - MountPoints2\{48a69a8d-5c4c-11df-bce8-1c4bd60a2ad0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{7082ca93-d47d-11df-9667-1c4bd60a2ad0}\Shell - "" = AutoRun O33 - MountPoints2\{7082ca93-d47d-11df-9667-1c4bd60a2ad0}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{bb6f540a-5de7-11df-a85d-1c4bd60a2ad0}\Shell - "" = AutoRun O33 - MountPoints2\{bb6f540a-5de7-11df-a85d-1c4bd60a2ad0}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found O33 - MountPoints2\{bb6f5687-5de7-11df-a85d-1c4bd60a2ad0}\Shell - "" = AutoRun O33 - MountPoints2\{bb6f5687-5de7-11df-a85d-1c4bd60a2ad0}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{bb6f5688-5de7-11df-a85d-1c4bd60a2ad0}\Shell - "" = AutoRun O33 - MountPoints2\{bb6f5688-5de7-11df-a85d-1c4bd60a2ad0}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.18 10:49:45 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symtdiv.sys [2010.10.18 10:49:45 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symds64.sys [2010.10.18 10:49:45 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symefa64.sys [2010.10.18 10:49:44 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\cchpx64.sys [2010.10.18 10:49:44 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtsp64.sys [2010.10.18 10:49:44 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\ironx64.sys [2010.10.18 10:49:44 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtspx64.sys [2010.10.18 10:49:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1108000.005 [2010.10.17 13:46:44 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010.10.17 13:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2010.10.17 13:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010.10.17 13:46:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64 [2010.10.17 13:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus [2010.10.17 13:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.10.17 13:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.10.17 13:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2010.10.17 12:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.10.17 12:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.10.17 11:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010.10.15 16:25:53 | 000,000,000 | ---D | C] -- C:\DBControl [2010.10.15 15:34:28 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\Mozilla [2010.10.15 15:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.10.14 22:50:14 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.10.14 22:50:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.10.14 22:50:12 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.10.14 22:50:09 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.10.14 22:50:05 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.10.14 22:50:05 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.10.14 22:50:04 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.10.14 22:50:04 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.10.14 22:50:04 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.10.14 22:50:00 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.10.14 22:50:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.10.14 22:50:00 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.10.14 22:50:00 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.10.14 22:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.10.14 22:49:59 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.10.14 22:49:59 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.10.14 22:49:59 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.10.14 22:49:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.10.14 22:49:59 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.10.14 22:49:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.10.14 22:49:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.10.14 22:49:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.10.14 22:49:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.10.14 22:49:58 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.10.14 22:49:54 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.10.14 22:49:54 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.10.14 22:49:54 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.10.14 22:49:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.10.13 22:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft [2010.10.13 19:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft.temp [2010.10.13 19:11:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment [2010.10.13 16:43:35 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\{D255BC5D-824F-46DE-BDDE-546F6A74D818} [2010.10.13 16:43:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2010.10.13 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\DBControl [2010.10.11 16:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2 [2010.10.11 15:26:00 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\Bluetooth Exchange Folder [2010.10.11 15:02:19 | 000,124,944 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys [2010.10.11 14:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2010.10.10 19:59:29 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\NGH15B [2010.10.10 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Local\Symantec_Corporation [2010.10.10 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Symantec [2010.10.10 13:50:16 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.DLL [2010.10.10 13:50:16 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll [2010.10.10 13:50:16 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.DLL [2010.10.10 13:50:16 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.DLL [2010.10.10 13:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec [2010.10.10 13:50:08 | 000,154,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WimFltr.sys [2010.10.10 13:49:40 | 000,170,032 | ---- | C] (StorageCraft) -- C:\Windows\SysNative\drivers\symsnap.sys [2010.10.10 13:49:31 | 000,020,528 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys [2010.10.10 13:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2010.10.10 13:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.10.10 13:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Ghost [2010.10.10 13:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} [2010.10.10 10:55:20 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\Symantec.Norton.Ghost.v15.0.German.Incl.Keymaker-CORE [2010.10.08 21:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.10.07 21:04:00 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Command and Conquer 4 [2010.10.07 17:11:56 | 000,525,664 | ---- | C] (techPowerUp (www.techpowerup.com)) -- C:\Users\Media\Documents\GPU-Z.0.4.6.exe [2010.10.07 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\hwmonitor_1.16-64bit [2010.10.06 18:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.10.06 18:10:04 | 000,000,000 | ---D | C] -- C:\Users\Media\AppData\Roaming\Google [2010.10.06 18:04:08 | 000,000,000 | ---D | C] -- C:\AMD [2010.10.04 17:39:08 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\Heroes of Newerth [2010.10.04 17:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth [2010.10.04 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\Media\Documents\EA Games [2010.09.28 22:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.09.28 22:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.09.28 22:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.09.28 22:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.18 17:46:13 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.10.18 17:46:13 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.10.18 17:37:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.18 16:57:48 | 000,239,282 | ---- | M] () -- C:\Users\Media\Desktop\Norton meldung.jpg [2010.10.18 16:40:25 | 001,225,904 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\Cat.DB [2010.10.18 16:29:14 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.18 12:13:13 | 000,027,648 | ---- | M] () -- C:\Users\Media\Desktop\GK09-GrammatikAufgabe1.doc [2010.10.18 11:25:49 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.18 11:25:49 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.18 11:18:31 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.18 11:18:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.18 11:17:56 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys [2010.10.17 19:57:46 | 000,001,613 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2010.10.17 13:46:44 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010.10.17 13:46:44 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.10.17 13:46:44 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.10.17 13:36:34 | 000,422,499 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.10.15 16:19:54 | 000,000,120 | ---- | M] () -- C:\Users\Media\AppData\Local\Xbuyuzeleqayis.dat [2010.10.15 03:25:25 | 000,000,000 | ---- | M] () -- C:\Users\Media\AppData\Local\Pyizox.bin [2010.10.15 03:24:20 | 000,451,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.10.15 03:05:30 | 001,556,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.10.15 03:05:30 | 000,667,318 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.10.15 03:05:30 | 000,627,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.10.15 03:05:30 | 000,135,980 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.10.15 03:05:30 | 000,111,624 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.10.13 16:41:44 | 000,002,352 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2010.10.11 15:42:22 | 000,503,352 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.10.11 15:27:57 | 000,014,833 | ---- | M] () -- C:\Users\Media\Documents\gpuz screen 2.gif [2010.10.10 13:49:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf [2010.10.10 10:33:48 | 000,015,876 | ---- | M] () -- C:\Users\Media\Documents\gpuz screen.gif [2010.10.08 21:21:16 | 000,097,030 | ---- | M] () -- C:\Users\Media\Documents\cc_20101008_212102.reg [2010.10.07 17:11:58 | 000,525,664 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Users\Media\Documents\GPU-Z.0.4.6.exe [2010.10.07 16:41:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2010.10.06 22:09:34 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini [2010.10.03 21:19:56 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.09.20 23:57:11 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\isolate.ini [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.18 16:57:47 | 000,239,282 | ---- | C] () -- C:\Users\Media\Desktop\Norton meldung.jpg [2010.10.18 16:29:14 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.18 12:13:12 | 000,027,648 | ---- | C] () -- C:\Users\Media\Desktop\GK09-GrammatikAufgabe1.doc [2010.10.18 11:17:53 | 001,225,904 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\Cat.DB [2010.10.18 10:49:45 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symefa64.cat [2010.10.18 10:49:45 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symnetv64.cat [2010.10.18 10:49:45 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symnet64.cat [2010.10.18 10:49:45 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symefa.inf [2010.10.18 10:49:45 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symnetv.inf [2010.10.18 10:49:45 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symnet.inf [2010.10.18 10:49:44 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtspx64.cat [2010.10.18 10:49:44 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtsp64.cat [2010.10.18 10:49:44 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symds64.cat [2010.10.18 10:49:44 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\iron.cat [2010.10.18 10:49:44 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\cchpx64.cat [2010.10.18 10:49:44 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\symds.inf [2010.10.18 10:49:44 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\cchpx64.inf [2010.10.18 10:49:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtsp64.inf [2010.10.18 10:49:44 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\srtspx64.inf [2010.10.18 10:49:44 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\iron.inf [2010.10.18 10:49:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1108000.005\isolate.ini [2010.10.17 13:46:44 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.10.17 13:46:44 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.10.17 12:22:25 | 000,000,166 | ---- | C] () -- C:\Users\Media\mbr.log [2010.10.13 16:43:36 | 000,000,120 | ---- | C] () -- C:\Users\Media\AppData\Local\Xbuyuzeleqayis.dat [2010.10.13 16:43:36 | 000,000,000 | ---- | C] () -- C:\Users\Media\AppData\Local\Pyizox.bin [2010.10.13 16:39:01 | 000,000,000 | ---- | C] () -- C:\Users\Media\AppData\Local\googleupdate.log [2010.10.11 15:27:56 | 000,014,833 | ---- | C] () -- C:\Users\Media\Documents\gpuz screen 2.gif [2010.10.10 13:49:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf [2010.10.10 10:33:48 | 000,015,876 | ---- | C] () -- C:\Users\Media\Documents\gpuz screen.gif [2010.10.08 21:21:05 | 000,097,030 | ---- | C] () -- C:\Users\Media\Documents\cc_20101008_212102.reg [2010.10.03 21:19:56 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2010.09.08 18:22:25 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2010.07.02 06:54:48 | 000,000,093 | ---- | C] () -- C:\Users\Media\AppData\Local\fusioncache.dat [2010.06.29 17:51:27 | 000,000,600 | ---- | C] () -- C:\Users\Media\AppData\Roaming\winscp.rnd [2010.06.22 15:46:35 | 000,000,719 | ---- | C] () -- C:\Users\Media\AppData\Roaming\myMPQ.ini [2010.05.19 08:22:45 | 000,002,539 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.05.10 22:41:18 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010.05.10 21:35:38 | 001,562,240 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.10 20:37:52 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.03.30 16:27:01 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2010.03.30 16:24:43 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini [2010.03.30 16:24:43 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini [2010.03.30 16:22:23 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.03.30 16:22:23 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.03.30 16:07:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.03.30 15:46:11 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2010.03.30 15:45:54 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2009.08.19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009.07.29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.12.02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll ========== LOP Check ========== [2010.05.02 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Asus WebStorage [2010.05.05 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Baly [2010.10.07 21:04:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Command and Conquer 4 [2010.05.12 21:24:32 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DAEMON Tools Lite [2010.05.10 23:11:04 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\EeeStorageUploader [2010.08.19 17:13:44 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\elsterformular [2010.07.02 02:15:50 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\GetRightToGo [2010.07.24 10:56:46 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Gopym [2010.10.18 11:19:50 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ICQ [2010.08.30 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Moka [2010.05.31 14:12:30 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\MotioninJoy [2010.06.21 18:33:38 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Nokia [2010.06.21 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PC Suite [2010.05.10 23:10:58 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\temp [2010.10.18 11:16:26 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\TS3Client [2010.05.24 17:32:30 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Tunngle [2010.07.02 15:16:37 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Turbine [2010.06.23 22:27:47 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\uTorrent [2010.10.13 17:05:05 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.10.2010 18:21:58 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Media\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 63,00% Memory free 16,00 Gb Paging File | 13,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,23 Gb Total Space | 261,44 Gb Free Space | 58,59% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 278,32 Gb Free Space | 59,76% Space Free | Partition Type: NTFS Computer Name: G73 | User Name: g73 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}" = HP OfficeJet H470 "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{69D65833-4A83-267A-7DB4-9FCBBE72675D}" = ATI Catalyst Install Manager "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A269F383-3E55-DAFF-F948-655FDB3DB58A}" = ccc-utility64 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F634E9C2-5D00-3A4B-5AB0-148C431BBDD5}" = ATI AVIVO64 Codecs "0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) "2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "ASUS WebStorage" = ASUS WebStorage "F9FD5BBF579A4BFD40D38BE291F731666B27DC28" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{00772F8B-37FF-4704-A47D-72B30BFAF126}" = MPM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0a049dab-9183-41ca-82cb-5a14c7ef2a6c}" = Nero 9 Trial "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1A45C65B-6059-4091-8433-D53DDF989FC7}" = H470 "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C876BA7-32D3-4DE6-9934-B6A97FA09FCE}" = 470_Help "{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English "{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{5725E5CA-A91D-C903-99DB-F8C010E0B637}" = Catalyst Control Center InstallProxy "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B01FD07-1790-4EE9-B5E0-149527D70C7D}" = Nokia Ovi Suite "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{990635A0-3FCF-4933-AD9B-09CB5C0DC873}" = BPDSoftware "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AFFD253D-5CE1-44B5-81DC-E00EF7048770}" = BPDSoftware_Ini "{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate "{B72E80DB-DF9B-DE1E-8899-CC74B6B9456A}" = Catalyst Control Center InstallProxy "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E805794B-E657-49CD-9110-C5AFEB416D5F}" = ProductContext "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ASUS AP Bank_is1" = ASUS AP Bank "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DirectVobSub" = DirectVobSub (remove only) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "ElsterFormular 11.5.0.4546" = ElsterFormular "HaaliMkx" = Haali Media Splitter "hon" = Heroes of Newerth "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "iTwin_is1" = iTwin 3.0 Final "JDownloader" = JDownloader "League of Legends_is1" = League of Legends "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "NAV" = Norton AntiVirus "Nokia Ovi Suite" = Nokia Ovi Suite "OpenAL" = OpenAL "plist Editor for Windows" = plist Editor for Windows 1.0.0 "PunkBusterSvc" = PunkBuster Services "StarCraft II" = StarCraft II "Steam App 240" = Counter-Strike: Source "Trillian" = Trillian "Tunngle beta_is1" = Tunngle beta "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.0 "VMware_Workstation" = VMware Workstation "winscp3_is1" = WinSCP 4.2.8 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Ich weiss keinen Rat mehr :/ . Geändert von tehunit (18.10.2010 um 17:30 Uhr) Grund: OTL neu nach eurer Anleitung ausgeführt |
18.10.2010, 20:07 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer.exe, svhost.exe und mozilla.exe greifen mich an! Gibt es noch weitere Logs von Malwarebytes? Wäre sehr sinnfrei, wenn Du das ohne Funde gepostet hättest!
__________________Zitat:
__________________ |
18.10.2010, 20:19 | #3 |
| iexplorer.exe, svhost.exe und mozilla.exe greifen mich an! antivir log mit dem einzigen bedeutenden fund in den letzten Tagen (mitlerweile meldet sich antivir nur noch wenn ein andres tool was gefunden hat, sehr interessantes verhalten):
__________________Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Sonntag, 17. Oktober 2010 12:13 Es wird nach 2939810 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (plain) [6.1.7600] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : G73 Versionsinformationen: BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00 AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16 LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 11:00:59 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 11:01:01 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 06:05:53 VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 19:43:48 VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.2010 19:43:48 VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.2010 19:43:48 VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.2010 19:43:48 VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.2010 19:43:48 VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.2010 19:43:48 VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.2010 19:43:48 VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.2010 19:43:49 VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.2010 19:43:49 VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.2010 19:43:49 VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.2010 01:21:48 VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.2010 14:40:19 VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.2010 14:40:19 VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.2010 13:41:52 VBASE022.VDF : 7.10.12.175 142848 Bytes 11.10.2010 14:20:12 VBASE023.VDF : 7.10.12.198 131584 Bytes 13.10.2010 14:20:13 VBASE024.VDF : 7.10.12.216 133120 Bytes 14.10.2010 14:20:13 VBASE025.VDF : 7.10.12.217 2048 Bytes 14.10.2010 14:20:13 VBASE026.VDF : 7.10.12.218 2048 Bytes 14.10.2010 14:20:13 VBASE027.VDF : 7.10.12.219 2048 Bytes 14.10.2010 14:20:13 VBASE028.VDF : 7.10.12.220 2048 Bytes 14.10.2010 14:20:13 VBASE029.VDF : 7.10.12.221 2048 Bytes 14.10.2010 14:20:13 VBASE030.VDF : 7.10.12.222 2048 Bytes 14.10.2010 14:20:13 VBASE031.VDF : 7.10.12.230 66048 Bytes 16.10.2010 10:12:46 Engineversion : 8.2.4.82 AEVDF.DLL : 8.1.2.1 106868 Bytes 01.08.2010 19:20:18 AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 28.09.2010 19:43:51 AESCN.DLL : 8.1.6.1 127347 Bytes 27.06.2010 11:01:04 AESBX.DLL : 8.1.3.1 254324 Bytes 27.06.2010 11:01:05 AERDL.DLL : 8.1.9.2 635252 Bytes 28.09.2010 19:43:51 AEPACK.DLL : 8.2.3.11 471416 Bytes 15.10.2010 14:20:17 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 24.07.2010 06:06:02 AEHEUR.DLL : 8.1.2.35 2961784 Bytes 15.10.2010 14:20:15 AEHELP.DLL : 8.1.14.0 246134 Bytes 15.10.2010 14:20:14 AEGEN.DLL : 8.1.3.23 401779 Bytes 05.10.2010 14:40:20 AEEMU.DLL : 8.1.2.0 393588 Bytes 27.06.2010 11:01:03 AECORE.DLL : 8.1.17.0 196982 Bytes 28.09.2010 19:43:50 AEBB.DLL : 8.1.1.0 53618 Bytes 27.06.2010 11:01:03 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07 AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40 AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44 AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49 AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Abweichende Gefahrenkategorien........: +JOKE,+PFS,+SPR, Beginn des Suchlaufs: Sonntag, 17. Oktober 2010 12:13 Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_LOCAL_MACHINE\Software\Microsoft\DevDiv\VC\Servicing\8.0\sp [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\DevDiv\VC\Servicing\8.0\sp HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\8 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\10 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\11 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\12 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\13 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\7 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\9 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows CE Services\symboliclinkvalue [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. c:\progra~2\java\jre6\bin\ssvagent.exe c:\Program Files (x86)\Java\jre6\bin\ssvagent.exe [HINWEIS] Der Prozess ist nicht sichtbar. c:\progra~2\java\jre6\bin\ssvagent.exe c:\windows\syswow64\regsvr32.exe c:\Windows\SysWOW64\regsvr32.exe [HINWEIS] Der Prozess ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'tc2teur1.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'SCServer.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '177' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashUtil10k_ActiveX.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'hpswp_clipbook.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'hpswp_clipbook.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '131' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'WDC.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'ICQ.exe' - '142' Modul(e) wurden durchsucht Durchsuche Prozess 'vmware-authd.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'vmnetdhcp.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'vmnat.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'ALU.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'wcourier.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'sensorsrv.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'vmware-usbarbitrator.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'ControlDeckStartUp.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'HControl.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'GFNEXSrv.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '79' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [FUND] Enthält Code des Bootsektorvirus BOO/Alureon.A [HINWEIS] Der Sektor wurde nicht neu geschrieben! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [FUND] Enthält Code des Bootsektorvirus BOO/Alureon.A [HINWEIS] Der Sektor wurde nicht neu geschrieben! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '0' Dateien ). Ende des Suchlaufs: Sonntag, 17. Oktober 2010 12:27 Benötigte Zeit: 14:09 Minute(n) Der Suchlauf wurde abgebrochen! 0 Verzeichnisse wurden überprüft 2232 Dateien wurden geprüft 2 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 2232 Dateien ohne Befall 0 Archive wurden durchsucht 0 Warnungen 2 Hinweise 797478 Objekte wurden beim Rootkitscan durchsucht 15 Versteckte Objekte wurden gefunden hier 2 malware logs wo es auch funde gab: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4834 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 15.10.2010 18:03:32 mbam-log-2010-10-15 (18-03-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 296629 Laufzeit: 47 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\sdfjaidhuw.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Users\Media\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFCPP6MG\setup[1].exe (Trojan.SpyEyes) -> Quarantined and deleted successfully. C:\Users\Media\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y9ROXPEJ\setup[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Media\AppData\Local\Temp\FPmfwYxJkP.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\sdfjaidhuw.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4834 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 15.10.2010 16:51:43 mbam-log-2010-10-15 (16-51-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 63394 Laufzeit: 19 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sdfjaidhuw.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\sdfjaidhuw.exe\sdfjaidhuw.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully. |
18.10.2010, 20:28 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplorer.exe, svhost.exe und mozilla.exe greifen mich an! Waren das alle Logs von malwarebytes? Edit: Zitat:
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten |
18.10.2010, 21:18 | #5 |
| iexplorer.exe, svhost.exe und mozilla.exe greifen mich an! Ich verstehe nicht? Ich habe keinen keygen/keymaker auf meinem PC. Ich glaube das letzte mal dass ich etwas illegales herunter geladen habe war zu napster Zeiten. Der Ordner Symantec Norton Ghost existiert auch nicht (mehr). Es ist allerdings installiert. Und jetzt wieder gelöscht... Mein Sohn hat allerdings noch Zugriff zu diesen Laptop, ich gehe davon aus dass wir da den Schuldigen haben. Er wollte sich auch großmäulig um das Virenproblem kümmern und lässt mich jetzt hier hängen. Es tut mir leid wenn ich dich verärgert habe. |
Themen zu iexplorer.exe, svhost.exe und mozilla.exe greifen mich an! |
32-bit, anti-malware, anzeige, anzeigen, ask.com, avgntflt.sys, c:\windows\system32\rundll32.exe, components, dateien, diverse, diverse seiten, document, driver genius, google, helper.exe, home premium, iastor.sys, ieframe.dll, iexplorer, iexplorer.exe, install.exe, intrusion prevention, jdownloader, klicke, laptop, league of legends, leitet, location, log, microsoft office word, mozilla, neue, nicht mehr, officejet, oldtimer, otl logfile, plug-in, probleme, programdata, prozess, remote control, remote software, rojaner gefunden, saver, scan, searchplugins, seite, seiten, shell32.dll, shortcut, sptd.sys, syswow64, tab, trojaner, trojaner gefunden, usb 2.0, virus, vlc media player, webcheck, win, öffnen |