Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Antivir reports the Trojan horse TR/Inject.azat (Windows 7). If you are not sure whether you have caught malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
24.01.2011, 02:12 | #1
Antivir reports the Trojan horse TR/Inject.azat. A short while ago Antivir reported the Trojan horse TR/Inject.azat in the file C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNW6ZRH2\cnkqaweuesfzxwcoct[1].exe, and since then my PC has been running quite slowly. Some pages take up to 10 minutes to finish loading, and at times I have no internet connection at all. I hope you can help me. Code:
ATTFilter OTL logfile created on: 24.01.2011 01:11:58 - Run 2 OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,87 Gb Total Space | 16,25 Gb Free Space | 27,14% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 463,93 Gb Free Space | 77,82% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 593,87 Gb Free Space | 99,61% Space Free | Partition Type: NTFS Drive F: | 59,87 Gb Total Space | 56,45 Gb Free Space | 94,29% Space Free | Partition Type: NTFS Drive H: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.23 01:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2010.12.15 16:55:46 | 000,944,496 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2010.12.10 14:21:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.02 14:23:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.02 14:23:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2008.06.18 13:54:20 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe PRC - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2008.02.25 17:57:48 | 000,034,040 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe PRC - [2008.02.25 17:57:22 | 000,021,752 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2008.02.25 17:53:16 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008.02.25 01:02:54 | 000,049,152 | ---- | M] (NewTech InfoSystems, Inc.) 
-- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008.01.25 17:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe ========== Modules (SafeList) ========== MOD - [2011.01.23 01:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv) SRV - [2011.01.06 03:07:40 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_dbc0250.dll -- (Akamai) SRV - [2010.12.10 14:21:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.17 14:44:10 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.02 14:23:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.24 17:19:18 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- 
(clr_optimization_v2.0.50727_32) SRV - [2008.10.14 12:26:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe -- (Sound Blaster MB Licensing Service) SRV - [2008.05.02 02:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.04.25 12:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.02.25 17:57:22 | 000,021,752 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008.02.25 17:53:16 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008.02.25 01:02:54 | 000,049,152 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008.01.25 17:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.22 16:14:24 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2008.02.29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2008.02.29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2008.02.29 03:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2008.02.21 03:55:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2008.01.30 10:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2007.12.14 09:10:00 | 000,092,160 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol) DRV:64bit: - [2007.11.26 04:16:32 | 000,086,016 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:64bit: - [2007.11.23 09:10:00 | 000,025,088 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol) DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\SiSoftware Sandra Lite 2010c\WNt500x64\sandra.sys -- (SANDRA) DRV - [2008.06.18 13:54:58 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.25 12:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) DRV - [2005.01.04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.yahoo.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.10.15 06:59:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.09 17:32:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.09 17:32:10 | 000,000,000 | ---D | M] [2009.02.04 13:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\mozilla\Extensions [2010.08.28 02:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions [2010.04.27 
13:24:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.28 02:33:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.28 02:30:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.23 22:32:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.23 22:32:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\k3u1tta5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.01.23 00:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\kvab3347.Standard-Benutzer\extensions [2010.12.02 23:26:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steven\AppData\Roaming\mozilla\Firefox\Profiles\kvab3347.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.28 02:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.10.15 06:59:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.08.22 13:16:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.08.22 13:16:44 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.08.22 13:16:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.22 13:16:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.08.22 13:16:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [EmpoweringTechnology] File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.11 00:09:29 | 000,000,047 | -H-- | M] () - H:\autorun.inf -- [ UDF ] O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- [2010.09.11 00:09:30 | 002,508,760 | ---- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile 
[open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.23 01:02:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe [2011.01.12 21:23:05 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.01.12 21:23:05 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.01.12 21:23:00 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdclt.exe [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.24 01:05:20 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{660A2F38-EA1B-4456-9F77-936D0B0101C3}.job [2011.01.23 23:50:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.23 23:50:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.23 19:56:53 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.23 19:56:53 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.23 19:56:53 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.23 19:56:53 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.23 19:56:53 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.23 19:51:13 | 000,037,013 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.01.23 19:51:13 | 000,037,013 | ---- | M] () -- 
C:\ProgramData\nvModes.001 [2011.01.23 19:50:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2011.01.23 19:50:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.23 01:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.01.22 03:11:49 | 000,464,261 | ---- | M] () -- C:\Users\***\Desktop\WoW_UI.jpg [2011.01.20 23:53:19 | 000,484,593 | ---- | M] () -- C:\Users\***\Desktop\7b48d3508f1a4f5691d624d966a62c0a.jpg [2011.01.14 15:33:17 | 000,589,916 | ---- | M] () -- C:\Users\***\Desktop\raidingtactics.jpg [2011.01.03 16:26:20 | 000,036,542 | ---- | M] () -- C:\Users\***\Desktop\conquestpointcapvsperso.png [2010.12.28 17:08:18 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.22 03:12:31 | 000,464,261 | ---- | C] () -- C:\Users\***\Desktop\WoW_UI.jpg [2011.01.20 23:53:18 | 000,484,593 | ---- | C] () -- C:\Users\***\Desktop\7b48d3508f1a4f5691d624d966a62c0a.jpg [2011.01.14 15:33:17 | 000,589,916 | ---- | C] () -- C:\Users\***\Desktop\raidingtactics.jpg [2011.01.06 03:08:53 | 000,359,782 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI62F4.txt [2011.01.06 03:08:53 | 000,011,194 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI62F4.txt [2011.01.03 16:26:20 | 000,036,542 | ---- | C] () -- C:\Users\***\Desktop\conquestpointcapvsperso.png [2010.12.09 00:49:53 | 000,360,550 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI6CD8.txt [2010.12.09 00:49:53 | 000,011,226 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI6CD8.txt [2010.12.01 03:13:03 | 
000,358,630 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI695B.txt [2010.12.01 03:13:03 | 000,011,146 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI695B.txt [2010.11.30 22:08:41 | 000,359,398 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI0067.txt [2010.11.30 22:08:41 | 000,011,178 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI0067.txt [2010.11.29 21:33:41 | 000,358,632 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI1778.txt [2010.11.29 21:33:40 | 000,011,146 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI1778.txt [2010.11.11 04:01:37 | 000,358,248 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI73DE.txt [2010.11.11 04:01:37 | 000,011,130 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI73DE.txt [2010.09.23 02:39:53 | 000,359,400 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI40CB.txt [2010.09.23 02:39:53 | 000,011,178 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI40CB.txt [2010.09.11 10:19:25 | 000,360,930 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI76E9.txt [2010.09.11 10:19:25 | 000,011,242 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI76E9.txt [2010.08.11 06:25:21 | 000,000,638 | ---- | C] () -- C:\Users\***\AppData\Roaming\MPQEditor.ini [2010.03.26 02:16:15 | 000,442,410 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI70A2.txt [2010.03.26 02:16:15 | 000,011,714 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI70A2.txt [2010.03.19 06:59:57 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys [2010.02.14 07:11:05 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss [2010.02.06 18:13:56 | 012,427,264 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.01.31 21:44:21 | 000,024,088 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2010.01.19 13:49:50 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll [2010.01.19 13:49:50 | 000,237,568 | ---- | C] () -- 
C:\Windows\SysWow64\Unlha32.dll [2010.01.11 05:50:08 | 000,418,354 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI7E7E.txt [2010.01.11 05:50:08 | 000,011,482 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI7E7E.txt [2009.09.24 17:13:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.24 17:13:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.07.27 15:04:00 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.07.27 02:01:30 | 000,037,013 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.06.20 17:34:47 | 000,329,138 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI088C.txt [2009.06.20 17:34:47 | 000,011,162 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI088C.txt [2009.06.18 13:48:34 | 000,328,676 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI3F21.txt [2009.06.18 13:48:33 | 000,012,178 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI3F21.txt [2009.06.18 13:47:50 | 000,330,658 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI3E95.txt [2009.06.18 13:47:50 | 000,011,226 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI3E95.txt [2009.06.18 02:35:35 | 000,001,000 | ---- | C] () -- C:\Windows\wininit.ini [2009.06.17 13:42:37 | 000,810,510 | ---- | C] () -- C:\Users\***\AppData\Local\dd_NET_Framework35_LangPack_MSI6C75.txt [2009.06.17 13:42:35 | 000,036,144 | ---- | C] () -- C:\Users\***\AppData\Local\dd_depcheck_NETFX_EXP_35.txt [2009.06.17 13:42:32 | 000,076,494 | ---- | C] () -- C:\Users\***\AppData\Local\dd_dotnetfx35install_lp.txt [2009.06.17 13:42:32 | 000,001,604 | ---- | C] () -- C:\Users\***\AppData\Local\uxeventlog.txt [2009.06.17 13:42:32 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\dd_dotnetfx35error_lp.txt [2009.05.14 10:40:20 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat [2009.04.22 01:41:19 | 000,003,688 | ---- | C] () -- C:\Windows\jtxpv_vp.ini [2009.04.22 01:41:19 | 
000,001,431 | ---- | C] () -- C:\Windows\cwzwtsh32.ini [2009.04.22 00:41:19 | 000,420,746 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI7F06.txt [2009.04.22 00:41:19 | 000,011,450 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI7F06.txt [2009.03.14 18:52:04 | 000,024,576 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.02 18:16:56 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.10.14 12:33:31 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008.10.14 12:33:31 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.04.30 18:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll [2008.04.30 18:01:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll [2008.04.30 17:48:30 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll [2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll [2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\SysWow64\libpostproc.dll [2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll [2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll [2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll [2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll 
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll [2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\MPEG2DEC.dll ========== LOP Check ========== [2010.01.29 15:18:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2010.07.28 04:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cewuqo [2010.08.28 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.05.06 15:19:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2009.09.01 01:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fizzy [2009.03.14 11:14:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader [2009.03.15 10:01:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2009.05.22 16:51:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.12.06 03:14:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2009.04.22 01:51:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2009.10.15 16:15:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Multi File Downloader [2010.05.27 00:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2009.03.17 12:44:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2010.01.31 21:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.06.09 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\thriXXX [2010.01.12 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2010.07.28 15:18:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wiutez [2011.01.23 19:49:45 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.24 01:05:20 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{660A2F38-EA1B-4456-9F77-936D0B0101C3}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.01.2011 01:11:58 - Run 2 OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\***\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 72,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,87 Gb Total Space | 16,25 Gb Free Space | 27,14% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 463,93 Gb Free Space | 77,82% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 593,87 Gb Free Space | 99,61% Space Free | Partition Type: NTFS Drive F: | 59,87 Gb Total Space | 56,45 Gb Free Space | 94,29% Space Free | Partition Type: NTFS Drive H: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = A0 0D 74 08 32 A0 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03513A5C-343E-43A6-9C7F-33EBA81685E5}" = lport=139 | protocol=6 | dir=in | app=system | "{093A54DF-DDEA-4909-8B64-8ABDB52AC525}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{097C57BB-23AE-4748-B603-8E72C132D057}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0AB17E55-724F-41BE-B4A5-A9C1095057EF}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{0AD6468B-FD58-46CA-8B27-AC3162504140}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{1E440AF0-8CC1-4094-990C-CE17846B9A63}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{224FB75D-7742-478B-B4AF-A1E25644FED1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{279997E7-90B0-4506-B943-7DA5FE17AACC}" = rport=445 | protocol=6 | dir=out | app=system | "{3363AA05-64ED-4EBA-92E9-87288D9169FE}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\rpcagentsrv.exe | "{37EAAEF1-3130-4F52-8D77-EF98F8C80396}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader | "{4D10BEDE-BCB1-4202-9C72-43D453028B55}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader | "{62C409A9-DAB5-469E-AE8F-A909D7FA5AE2}" = lport=445 | protocol=6 | dir=in | app=system | "{699FD8CB-D989-4589-A4F0-4797331FD7D8}" = rport=137 | protocol=17 | dir=out | app=system | "{91E1DC29-09CA-4178-ADF5-8C5761154446}" = rport=138 | protocol=17 | dir=out | app=system | "{9FE04F8A-3621-458B-A9C0-F9BDE34D6733}" = lport=137 | protocol=17 | 
dir=in | app=system | "{BF0BE660-80BB-4268-A776-15F3BADD7700}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{D18E3C64-C0DF-417E-8935-06749F8C44AD}" = lport=138 | protocol=17 | dir=in | app=system | "{D90207CA-5E71-4121-BC31-6D934F3D39D3}" = lport=rpc | protocol=6 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{EB2D9683-B100-4512-89BB-CD3935F06032}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005166BD-BBDD-4C08-9374-B09D0B65F39A}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0-dede-downloader.exe | "{052FBE7B-DADB-4C1D-A7BB-C24A4351B712}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{05379253-FE95-4265-AB23-337EFA555607}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{05DF7B9C-8859-4484-9FD5-C3BBA9FF138D}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{0630D2C0-B945-4517-BA4E-F656A7173E69}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{06F70A8D-E906-4956-A6EF-0B1F0E90573E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{0B5F3844-7CE8-4BE5-A1D8-C5993A1BAA61}" = protocol=17 | dir=in | app=d:\world of warcraft public test\launcher.exe | "{0DCD6FC0-2936-4FCB-98C8-D53C4A24AC9B}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{0E741F55-E79F-4F01-9315-F6A3CB6BCFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0F80C433-F49B-4880-9857-89B237678385}" = protocol=6 | dir=in | app=c:\program files 
(x86)\world of warcraft\launcher.exe | "{101266E2-B923-48C4-88C9-034E6135EF87}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\pmvservice.exe | "{105437F4-6152-411F-9286-489EDBC069D0}" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base15405\sc2.exe | "{12C9B0FA-4B33-4797-9772-5505CDA0BAFA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer playmovie\playmovie.exe | "{1355A462-D46C-439E-913D-988F74650225}" = protocol=17 | dir=in | app=d:\icq7.0\aolload.exe | "{169A1FD8-9A43-4169-964D-B0660A30916C}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe | "{191F3D32-5A4E-4F77-82C5-34D86D197943}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{1BFE8954-8150-46E5-A523-327828C8748B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{1DB90D25-282F-4156-BDDC-5DC6C2ADE624}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2030C680-0A39-4455-8633-9BDB76677A5E}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\rpcagentsrv.exe | "{25E500D4-2913-4914-BEA7-469DF23AFF31}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{27C0214E-3ABB-4F03-B573-F95F3BD2F99C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2B7F6C71-B331-4430-AAAC-9C5E8DA4E3C4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{2BCC1D58-2386-49A0-B24A-4F42D0C9F2CD}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | "{2BEB0C3B-A16D-4AA7-8F8B-A1ABF937B273}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2E462275-E5F4-496B-9028-FC0001B61043}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | 
"{30986A02-92A4-4494-8B28-354B2582767B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | "{30E64774-3950-47C7-B4E1-9116B67C7264}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{30FA1D15-0465-4E44-AC58-E3F622D0060F}" = protocol=17 | dir=in | app=d:\icq7.0\aolload.exe | "{350E126E-0EC6-4760-940C-18C261AF7B61}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{40BC9CA5-BE55-438A-81A2-7E2B4C14A778}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{42B7160E-65DF-4E4C-AC7F-3C77A9D06C2E}" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base15405\sc2.exe | "{450414CA-FD97-4448-91DC-497C4C6E5916}" = protocol=6 | dir=in | app=d:\icq7.0\icq.exe | "{4CEF297D-6BB1-494B-90BA-AED44C78E6CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{50CE056A-5733-4745-9FFE-B628E469A308}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{53E3CFC7-82E7-4A25-85C2-ACC3884410EF}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | "{57394E59-EBB5-409D-99E4-564099B95930}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{57D81137-4B70-4BA7-A2EC-CD07AC597E75}" = protocol=17 | dir=in | app=d:\icq7.0\icq.exe | "{587B9219-66BA-4C9C-9809-354590F284C0}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0-dede-downloader.exe | "{5EFCB4C1-BF43-4D9C-BF99-40328D6D3128}" = protocol=6 | dir=in | app=d:\world of warcraft public test\launcher.exe | "{6004C96E-AAC2-4B47-AED8-5C48A4BC06C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{682644CC-5087-4A98-8D8B-DA7F652F6EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{74043A72-42B0-459C-AB2E-88E9817B2F52}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{75E83B53-63B8-4352-B96A-524CD5276DAA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{7822894B-27E7-4B8D-A6BD-73491F51C5A2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | "{8079B1EF-AB1D-4C6F-8E98-3608C69FBD1E}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe | "{8266D179-9B25-4858-957C-0F9391794CF4}" = protocol=1 | dir=in | app=d:\sisoftware sandra lite 2010c\wnt500x64\rpcsandrasrv.exe | "{85ED011E-611E-4E9B-A07A-4A879B8304C0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{87296A24-7EA6-4B5D-A748-5AE363B1CD2D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{88452F52-57C3-4FCB-83EB-1C489652E6F9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{95F5DFA7-6966-4223-8561-1584A83379F8}" = protocol=6 | dir=in | app=d:\icq7.0\icq.exe | "{97782F54-6D7E-49CB-A774-36C792662657}" = protocol=6 | dir=in | app=d:\icq7.0\icq.exe | "{A218AB84-EF0C-4B64-B481-34F52A1B1DF2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{A2CFC459-D444-4902-AC6B-8484D0D24742}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{A410D1C2-B7A5-44BD-B69B-0B71D2F8DC1D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{A444FA16-3DC2-4405-AC25-D84F6E6BD253}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{A4F8FA68-FD88-4D47-A6C6-F31E3F7CF648}" = protocol=6 | dir=in | 
app=d:\icq7.0\aolload.exe | "{A5CFD1A0-9610-4D1E-A197-603F2CBE54E0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{A6033152-D00E-40B0-80E4-E9CCCFF638FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A9E983A0-0845-4481-881D-EB4531E32067}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | "{AE238DA1-08EC-4ADB-A198-480993598B63}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{AE50672B-D24F-4F77-90D9-BCB90C5B56E4}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | "{B3639CA8-F03C-4BD6-9E89-31CB696DE1D6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{B4CB7B43-A390-4AC8-A4F6-9B5832AC6D9D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{C1E3E8D3-4F83-4317-902C-B303E97AA94F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C82FE470-073C-4B01-A0EF-F7C8E1B03024}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{C87D5A30-9E92-41C8-AA2A-9533EADE18CF}" = protocol=6 | dir=in | app=d:\world of warcraft public test\launcher.patch.exe | "{CC4FC1F3-0FAF-4735-9E73-51129454BB6F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{D3AABF3B-9170-44D8-8C3E-8531FA15CAF3}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{D506CD02-A1FB-4A46-AA9E-3D1B25D7364A}" = protocol=17 | dir=in | app=d:\icq7.0\icq.exe | "{D5121C37-E81D-4A70-ABE7-E73B4CB8CD9E}" = protocol=17 | dir=in | app=d:\world of warcraft public test\launcher.patch.exe | 
"{D8B00843-8317-4635-90A6-3FEB82FC1BAB}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{DB300369-54C7-4F9E-88EC-1E8B92F11D75}" = protocol=17 | dir=in | app=d:\icq7.0\icq.exe | "{DFEEC633-6EAA-42E1-BBC3-856CAFB55E77}" = protocol=6 | dir=in | app=d:\icq7.0\aolload.exe | "{E794B4E0-77E6-4CE0-9F3E-117FB4378A88}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{EBEDEAF4-7120-4603-A96D-47C130DF82D3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{F66C57DC-59DF-46ED-B981-322F45237DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FC75459E-4FB1-4373-AA94-14E4EEEC3C58}" = protocol=6 | dir=in | app=d:\icq7.0\aolload.exe | "{FEB56707-64DA-426C-9451-2B63E59E754E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | "{FED231F3-8F49-44F2-95F8-420E445D572D}" = protocol=17 | dir=in | app=d:\icq7.0\aolload.exe | "TCP Query User{10406898-3385-4495-B591-5B134DEA9EF4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{20F87E5A-6865-4B42-8B0C-57F37F6DD4E9}C:\users\***\appdata\roaming\wiutez\fiuhi.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\wiutez\fiuhi.exe | "TCP Query User{45AF3DFF-7F0A-4121-908D-93A74DDD6B6B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{53C5BC60-3958-47A9-A9C2-D7FB7484F59D}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | "TCP Query User{70046869-3509-49DC-B449-6B03EA9344F5}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "TCP Query 
User{7BEDCF02-34B4-4D21-8874-6041AEBBACC8}C:\program files (x86)\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\recordingmanager.exe | "TCP Query User{8641C09E-98E4-4FE2-9441-ABDBED734718}D:\lf2_v2.0\lf2.exe" = protocol=6 | dir=in | app=d:\lf2_v2.0\lf2.exe | "TCP Query User{8D810DB9-DE0B-4717-8F39-D3202343DC1D}C:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | "TCP Query User{99EBDA11-B20F-4C00-9B3C-C4FDF1027933}C:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe | "TCP Query User{AD6E2585-95C2-4CA3-BD34-03981C1CF2BF}C:\program files (x86)\tortun\gui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tortun\gui.exe | "TCP Query User{AD709E33-1E6C-4280-8479-B6018E5E1672}D:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16561\sc2.exe | "TCP Query User{AF60850A-ACB7-4C72-AEDF-B303FFA172FB}D:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16755\sc2.exe | "TCP Query User{B0A2471F-B30D-44F1-986A-E1274BB92A35}D:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16605\sc2.exe | "TCP Query User{CD12E129-56CE-4D85-B94C-33AE09543440}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "TCP Query User{D4DB6FAA-5B13-418C-8668-9FFAC785E106}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | "TCP Query User{E7CD2306-3263-4403-BA71-89111DEB494E}C:\program files (x86)\multi file downloader\multifiledownloader.exe" = 
protocol=6 | dir=in | app=c:\program files (x86)\multi file downloader\multifiledownloader.exe | "UDP Query User{04790CB6-8F63-4B6D-A10E-7C08AF5BCF56}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | "UDP Query User{07E12E15-CC5E-4919-BDB2-BFA71B5A45F3}C:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | "UDP Query User{2C8DF1AC-F28E-4ED6-B56E-B9DAA018A42C}C:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\teamspeak3-server_win64-3.0.0-beta15\teamspeak3-server_win64\ts3server_win64.exe | "UDP Query User{3088D6AA-5BA8-43CD-9FD7-75A31C325B65}D:\lf2_v2.0\lf2.exe" = protocol=17 | dir=in | app=d:\lf2_v2.0\lf2.exe | "UDP Query User{330CA299-7F9D-451D-BA74-163935AAAD5C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{50939D78-44C8-4516-A8F2-8F15DDE7055A}D:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16561\sc2.exe | "UDP Query User{62E01EAA-71DA-4981-AFB6-EAD7FBC0488E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{63984F3B-9B08-478F-A7BA-EE654A449B80}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | "UDP Query User{67889728-4589-45DF-B132-DD0540838EBD}C:\program files (x86)\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\recordingmanager.exe | "UDP Query User{686ADBBF-C361-4391-823A-D8451A169142}C:\program files (x86)\multi file downloader\multifiledownloader.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\multi file downloader\multifiledownloader.exe | "UDP Query User{8D63EB5A-F905-4536-8928-69EC18D8D5F8}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{AC55E75A-9373-493E-891B-DCDB427CED1C}D:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{B5826EF2-BBB9-4DCC-923E-782BA2CF798E}C:\program files (x86)\tortun\gui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tortun\gui.exe | "UDP Query User{E002995B-D049-4BED-9836-976480CACBFF}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{ED93CC83-44E8-4E9C-94A2-0B83DD0AC208}C:\users\***\appdata\roaming\wiutez\fiuhi.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\wiutez\fiuhi.exe | "UDP Query User{EFAF022F-0E32-4100-9784-A24358F46EBD}D:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16605\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{906BDDA8-9E8F-45B7-8520-36F7961FD65D}" = Logitech GamePanel Software 2.02 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Defraggler" = Defraggler "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{143C7D3A-02DD-4163-9880-11B202B7E3E6}" = Creative Sound Blaster MB "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver 
"{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession 
Interface "ALchemy SB MB" = Creative ALchemy (SB MB Edition) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only) "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "World of Warcraft" = World of Warcraft "World of Warcraft Public Test" = World of Warcraft Public Test ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1008 Description = Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1005 Description = Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1018 Description = Error - 21.01.2011 22:42:25 | Computer Name = ***-PC | Source = Perflib | ID = 1008 Description = Error - 22.01.2011 10:32:23 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 22.01.2011 10:32:23 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.01.2011 11:31:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.01.2011 11:31:01 | 
Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.01.2011 14:50:56 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 23.01.2011 14:50:56 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 20.01.2011 10:50:04 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 20.01.2011 23:15:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21.01.2011 10:32:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21.01.2011 10:33:02 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 22.01.2011 10:32:28 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 22.01.2011 10:32:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 23.01.2011 11:32:00 | Computer Name = ***-PC | Source = bowser | ID = 8003 Description = Error - 23.01.2011 11:32:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 23.01.2011 14:51:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 23.01.2011 14:52:50 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = < End of report > Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5583
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
24.01.2011 01:10:45
mbam-log-2011-01-24 (01-10-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|)
Durchsuchte Objekte: 316757
Laufzeit: 29 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
24.01.2011, 11:39 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir reports the Trojan horse TR/Inject.azat
Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.
__________________
24.01.2011, 16:00 | #3
Antivir reports the Trojan horse TR/Inject.azat
There are no others; this is the only one.
__________________
24.01.2011, 16:23 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir reports the Trojan horse TR/Inject.azat
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.11 00:09:29 | 000,000,047 | -H-- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- [2010.09.11 00:09:30 | 002,508,760 | ---- | M] ()
[2010.03.19 06:59:57 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
[2009.04.22 01:41:19 | 000,003,688 | ---- | C] () -- C:\Windows\jtxpv_vp.ini
[2009.04.22 01:41:19 | 000,001,431 | ---- | C] () -- C:\Windows\cwzwtsh32.ini
[2010.01.29 15:18:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010.07.28 04:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cewuqo
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post logfiles in CODE tags
24.01.2011, 16:44 | #5
Antivir reports the Trojan horse TR/Inject.azat
I did everything as described. Shortly after I clicked Fix, a message appeared, "Access violation at adress 005CC7ED in module 'OTL.exe' Read of address 00000000", which I dismissed with OK. Shortly afterwards the PC restarted and the following logfile opened.
Code:
All processes killed
Error: Unable to interpret <O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7067e8e0-99e1-11dd-883d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- [2010.09.11 00:09:30 | 002,508,760 | ---- | M] ()> in the current context!
Error: Unable to interpret <[2010.03.19 06:59:57 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys> in the current context!
Error: Unable to interpret <[2009.04.22 01:41:19 | 000,003,688 | ---- | C] () -- C:\Windows\jtxpv_vp.ini> in the current context!
Error: Unable to interpret <[2009.04.22 01:41:19 | 000,001,431 | ---- | C] () -- C:\Windows\cwzwtsh32.ini> in the current context!
Error: Unable to interpret <[2010.01.29 15:18:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#> in the current context!
Error: Unable to interpret <[2010.07.28 04:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cewuqo> in the current context!
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 98150 bytes
->Temporary Internet Files folder emptied: 188592 bytes
->Flash cache emptied: 75 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: ***
->Temp folder emptied: 1337742 bytes
->Temporary Internet Files folder emptied: 18211696 bytes
->Java cache emptied: 7617522 bytes
->FireFox cache emptied: 147253713 bytes
->Opera cache emptied: 73273319 bytes
->Flash cache emptied: 1130063 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37137 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 238,00 mb
OTL by OldTimer - Version 3.2.20.4 log created on 01242011_162934
Files\Folders moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
24.01.2011, 20:07 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir reports the Trojan horse TR/Inject.azat
Did you copy the ":OTL" along with it? It doesn't look like it. Please repeat the step.
__________________
24.01.2011, 20:26 | #7
Antivir reports the Trojan horse TR/Inject.azat
I did copy the :OTL along. I repeated the procedure, and this time the same message appeared as the first time, "Access violation at adress 005CC7ED in module 'OTL.exe' Read of address 00000000". The PC restarted and a logfile opened, which doesn't contain much this time.
Code:
Files\Folders moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
24.01.2011, 20:35 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir reports the Trojan horse TR/Inject.azat
All right. Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
24.01.2011, 20:59 | #9
Antivir reports the Trojan horse TR/Inject.azat
Did everything as described.
Code:
ATTFilter ComboFix 11-01-23.07 - *** 24.01.2011 20:45:11.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.8190.6641 [GMT 1:00] ausgeführt von:: c:\users\Steven\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\***\AppData\Roaming\.# . ((((((((((((((((((((((( Dateien erstellt von 2010-12-24 bis 2011-01-24 )))))))))))))))))))))))))))))) . 2011-01-24 19:48 . 2011-01-24 19:48 -------- d-----w- c:\users\***\AppData\Local\temp 2011-01-24 19:48 . 2011-01-24 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-24 19:48 . 2011-01-24 19:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-01-24 15:26 . 2011-01-24 15:26 -------- dc----w- C:\_OTL 2011-01-21 14:37 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21B99109-50B5-4BC6-B9F4-35AADB18A9D5}\mpengine.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 17:09 . 2010-11-28 18:55 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2010-11-28 18:55 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-22 15:14 . 2009-06-20 16:35 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-06 11:18 . 2010-12-15 12:00 500224 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-06 11:18 . 2010-12-15 12:00 655872 ----a-w- c:\windows\system32\taskschd.dll 2010-11-06 11:18 . 2010-12-15 12:00 410112 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-06 11:18 . 2010-12-15 12:00 855040 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-04 23:58 . 
2010-12-15 12:00 267776 ----a-w- c:\windows\system32\taskeng.exe 2010-11-04 18:55 . 2010-12-15 12:00 352768 ----a-w- c:\windows\SysWow64\taskschd.dll 2010-11-04 18:55 . 2010-12-15 12:00 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll 2010-11-04 16:34 . 2010-12-15 12:00 171520 ----a-w- c:\windows\SysWow64\taskeng.exe 2010-11-02 06:27 . 2010-12-15 12:00 1147904 ----a-w- c:\windows\system32\wininet.dll 2010-11-02 06:24 . 2010-12-15 12:00 56832 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-02 06:23 . 2010-12-15 12:00 1538560 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-02 06:23 . 2010-12-15 12:00 77312 ----a-w- c:\windows\system32\iesetup.dll 2010-11-02 06:23 . 2010-12-15 12:00 132096 ----a-w- c:\windows\system32\iesysprep.dll 2010-11-02 06:01 . 2010-12-15 12:00 916480 ----a-w- c:\windows\SysWow64\wininet.dll 2010-11-02 05:57 . 2010-12-15 12:00 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll 2010-11-02 05:57 . 2010-12-15 12:00 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2010-11-02 05:57 . 2010-12-15 12:00 71680 ----a-w- c:\windows\SysWow64\iesetup.dll 2010-11-02 05:57 . 2010-12-15 12:00 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2010-11-02 05:25 . 2010-12-15 12:00 479232 ----a-w- c:\windows\system32\html.iec 2010-11-02 05:01 . 2010-12-15 12:00 385024 ----a-w- c:\windows\SysWow64\html.iec 2010-11-02 04:45 . 2010-12-15 12:00 162816 ----a-w- c:\windows\system32\ieUnatt.exe 2010-11-02 04:44 . 2010-12-15 12:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-02 04:26 . 2010-12-15 12:00 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2010-11-02 04:24 . 2010-12-15 12:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2010-10-28 16:29 . 2010-12-15 12:01 48128 ----a-w- c:\windows\system32\atmlib.dll 2010-10-28 15:44 . 2010-12-15 12:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2010-10-28 14:05 . 2010-12-15 12:01 367104 ----a-w- c:\windows\system32\atmfd.dll 2010-10-28 13:56 . 
2010-12-15 12:00 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-28 13:27 . 2010-12-15 12:01 292352 ----a-w- c:\windows\SysWow64\atmfd.dll 2010-10-28 13:20 . 2010-12-15 12:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908] "BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-02-25 34040] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "PlayMovie"="c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2008-06-18 172032] "WarReg_PopUp"="c:\program files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2010-12-10 0] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-2 1196048] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) R2 clr_optimization_v4.0.30319_32;Microsoft .NET 
Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072] R3 dump_wmimmc;dump_wmimmc;d:\flyff\GameGuard\dump_wmimmc.sys [x] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\sisoftware sandra lite 2010c\RpcAgentSrv.exe [2009-08-24 93336] R3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\DRIVERS\yk60x64l.sys [2007-12-14 92160] R3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\DRIVERS\yk60x64v.sys [2007-11-23 25088] R3 Sound Blaster MB Licensing Service;Sound Blaster MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [2008-10-14 79360] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl [2008-06-18 32240] S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576] S2 
NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152] S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2008-02-21 393728] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners 2011-01-24 c:\windows\Tasks\User_Feed_Synchronization-{660A2F38-EA1B-4456-9F77-936D0B0101C3}.job - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 286752] "RtHDVCpl"="RAVCpl64.exe" [2008-01-29 5682688] "Skytel"="Skytel.exe" [2007-11-20 1826816] "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488] "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192] "Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 374808] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 3040280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://de.intl.acer.yahoo.com/ mStart Page = hxxp://de.intl.acer.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kvab3347.Standard-Benutzer\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - Wow6432Node-HKLM-Run-eRecoveryService - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Zeit der Fertigstellung: 2011-01-24 20:50:08 ComboFix-quarantined-files.txt 2011-01-24 19:50 Vor Suchlauf: 17 Verzeichnis(se), 19.091.755.008 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 18.989.166.592 Bytes frei - - End Of File - - 948C67C970A6986566FE2C3E67E18F7A |
24.01.2011, 21:34 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir reports the Trojan horse TR/Inject.azat
Now please create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it.
Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags
24.01.2011, 22:10 | #11
Antivir reports the Trojan horse TR/Inject.azat
I ran both programs as described, but with GMER I did not get a log after clicking Copy.
MBRCheck:
Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 64-bit Base Board Manufacturer: Acer BIOS Manufacturer: AMI System Manufacturer: Acer System Product Name: Aspire G7700 Logical Drives Mask: 0x00000ffc Kernel Drivers (total 149): 0x02A5E000 \SystemRoot\system32\ntoskrnl.exe 0x02A18000 \SystemRoot\system32\hal.dll 0x0060A000 \SystemRoot\system32\kdcom.dll 0x00614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x0064F000 \SystemRoot\system32\PSHED.dll 0x00663000 \SystemRoot\system32\CLFS.SYS 0x006C0000 \SystemRoot\system32\CI.dll 0x0080E000 \SystemRoot\system32\drivers\Wdf01000.sys 0x008E8000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x008F6000 \SystemRoot\system32\drivers\acpi.sys 0x0094C000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00955000 \SystemRoot\system32\drivers\msisadrv.sys 0x0095F000 \SystemRoot\system32\drivers\pci.sys 0x0098F000 \SystemRoot\System32\drivers\partmgr.sys 0x009A4000 \SystemRoot\system32\drivers\volmgr.sys 0x00772000 \SystemRoot\System32\drivers\volmgrx.sys 0x009B8000 \SystemRoot\system32\drivers\nvrd64.sys 0x00A0A000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x00A36000 \SystemRoot\system32\drivers\pciide.sys 0x00A3D000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x00A4D000 \SystemRoot\System32\drivers\mountmgr.sys 0x00A60000 \SystemRoot\system32\drivers\nvraid.sys 0x00A83000 \SystemRoot\System32\Drivers\UBHelper.sys 0x00A8B000 \SystemRoot\system32\drivers\atapi.sys 0x00A93000 \SystemRoot\system32\drivers\ataport.SYS 0x00AB7000 \SystemRoot\system32\drivers\nvstor64.sys 0x00AE1000 \SystemRoot\system32\drivers\storport.sys 0x00B3E000 \SystemRoot\system32\DRIVERS\jraid.sys 0x00B58000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0x00B86000 \SystemRoot\system32\drivers\fltmgr.sys 0x00BCD000 \SystemRoot\system32\drivers\fileinfo.sys 0x00C0C000 \SystemRoot\System32\Drivers\ksecdd.sys 0x00E03000 \SystemRoot\system32\drivers\ndis.sys 0x00C93000 
\SystemRoot\system32\drivers\msrpc.sys 0x00CE3000 \SystemRoot\system32\drivers\NETIO.SYS 0x01003000 \SystemRoot\System32\drivers\tcpip.sys 0x01179000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0138F000 \SystemRoot\system32\drivers\wd.sys 0x01397000 \SystemRoot\system32\drivers\volsnap.sys 0x013DB000 \SystemRoot\System32\Drivers\spldr.sys 0x013E3000 \SystemRoot\System32\Drivers\mup.sys 0x011A5000 \SystemRoot\System32\drivers\ecache.sys 0x011D1000 \SystemRoot\system32\drivers\disk.sys 0x013F5000 \SystemRoot\system32\drivers\crcdisk.sys 0x011EF000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x00FF0000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x00D3C000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x03A05000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x04697000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x04699000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x0477C000 \SystemRoot\System32\drivers\watchdog.sys 0x0478C000 \SystemRoot\system32\DRIVERS\yk60x64.sys 0x00D4F000 \SystemRoot\system32\DRIVERS\serial.sys 0x047F1000 \SystemRoot\system32\DRIVERS\serenum.sys 0x00D6C000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x00D77000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x00DBD000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x00DCE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x00DEA000 \SystemRoot\system32\Drivers\NTIDrvr.sys 0x0480F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x048FC000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x0490E000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x0491E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x04927000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x04960000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x0496D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x04990000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x0499C000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x049CD000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x049DD000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x00BE1000 \SystemRoot\system32\DRIVERS\rassstp.sys 
0x009E4000 \SystemRoot\system32\DRIVERS\termdd.sys 0x04800000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x00DF2000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x049FB000 \SystemRoot\system32\DRIVERS\swenum.sys 0x04A0C000 \SystemRoot\system32\DRIVERS\ks.sys 0x04A40000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x04A4B000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04A5B000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04AA3000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x05000000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x0514A000 \SystemRoot\system32\drivers\portcls.sys 0x05185000 \SystemRoot\system32\drivers\drmk.sys 0x051A8000 \SystemRoot\system32\drivers\ksthunk.sys 0x051AE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x051B8000 \SystemRoot\System32\Drivers\Null.SYS 0x051CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x051EA000 \SystemRoot\System32\drivers\vga.sys 0x04AB7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x051C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x051D4000 \SystemRoot\system32\drivers\rdpencdd.sys 0x051DD000 \SystemRoot\System32\Drivers\Msfs.SYS 0x04ADC000 \SystemRoot\System32\Drivers\Npfs.SYS 0x04AED000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x04AF6000 \SystemRoot\system32\DRIVERS\tdx.sys 0x04B13000 \SystemRoot\system32\DRIVERS\smb.sys 0x04B2E000 \SystemRoot\system32\drivers\afd.sys 0x04B99000 \SystemRoot\System32\DRIVERS\netbt.sys 0x04BDD000 \SystemRoot\system32\DRIVERS\pacer.sys 0x007D8000 \SystemRoot\system32\DRIVERS\netbios.sys 0x05207000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x05222000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x0526F000 \SystemRoot\system32\drivers\nsiproxy.sys 0x0527B000 \SystemRoot\System32\Drivers\dfsc.sys 0x05298000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x052B4000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x052B6000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x052D8000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x052E1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x052F3000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0x05306000 
\SystemRoot\system32\DRIVERS\mouhid.sys 0x05311000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0x05325000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x0533D000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x05348000 \SystemRoot\system32\DRIVERS\udfs.sys 0x05396000 \SystemRoot\System32\Drivers\crashdmp.sys 0x053A4000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x053AE000 \SystemRoot\System32\Drivers\dump_nvstor64.sys 0x00090000 \SystemRoot\System32\win32k.sys 0x053D8000 \SystemRoot\System32\drivers\Dxapi.sys 0x053E4000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00410000 \SystemRoot\System32\TSDDD.dll 0x006B0000 \SystemRoot\System32\cdd.dll 0x00FC6000 \SystemRoot\system32\drivers\luafv.sys 0x0920F000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x0922C000 \SystemRoot\system32\drivers\spsys.sys 0x092C6000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x092DA000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x092F2000 \SystemRoot\system32\drivers\HTTP.sys 0x09395000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x093BE000 \SystemRoot\system32\DRIVERS\bowser.sys 0x093DC000 \SystemRoot\System32\drivers\mpsdrv.sys 0x09A08000 \SystemRoot\system32\drivers\mrxdav.sys 0x09A2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x09A58000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x09AA1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x09AC0000 \SystemRoot\System32\DRIVERS\srv2.sys 0x09AF2000 \SystemRoot\System32\DRIVERS\srv.sys 0x09B86000 \??\C:\Windows\SysWOW64\drivers\int15_64.sys 0x0A00A000 \SystemRoot\system32\drivers\peauth.sys 0x0A0C0000 \SystemRoot\System32\Drivers\secdrv.SYS 0x0A0CB000 \SystemRoot\System32\drivers\tcpipreg.sys 0x0A0DB000 \??\C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl 0x0A100000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x0A120000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x0A136000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x0A152000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x77940000 \Windows\System32\ntdll.dll Processes (total 68): 0 System Idle Process 4 System 464 
C:\Windows\System32\smss.exe
 532 csrss.exe
 584 C:\Windows\System32\wininit.exe
 604 csrss.exe
 640 C:\Windows\System32\services.exe
 652 C:\Windows\System32\lsass.exe
 660 C:\Windows\System32\lsm.exe
 828 C:\Windows\System32\svchost.exe
 840 C:\Windows\System32\winlogon.exe
 932 C:\Windows\System32\nvvsvc.exe
 960 C:\Windows\System32\svchost.exe
 996 C:\Windows\System32\svchost.exe
 292 C:\Windows\System32\svchost.exe
 344 C:\Windows\System32\svchost.exe
 480 C:\Windows\System32\svchost.exe
 536 C:\Windows\System32\audiodg.exe
 632 C:\Windows\System32\svchost.exe
 656 C:\Windows\System32\SLsvc.exe
 512 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\spoolsv.exe
1376 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1400 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1416 C:\Windows\System32\svchost.exe
1548 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1808 C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
1864 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
1892 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
1052 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1460 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2000 C:\Windows\System32\svchost.exe
1824 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2080 C:\Windows\System32\svchost.exe
2128 C:\Windows\System32\svchost.exe
2148 C:\Windows\System32\SearchIndexer.exe
2448 WUDFHost.exe
2620 C:\Windows\System32\taskeng.exe
2880 C:\Windows\System32\nvvsvc.exe
1260 C:\Windows\System32\dwm.exe
 812 C:\Windows\explorer.exe
2780 C:\Windows\System32\taskeng.exe
3408 C:\Program Files\Windows Defender\MSASCui.exe
3416 C:\Windows\System32\nvraidservice.exe
3424 C:\Windows\RAVCpl64.exe
3468 WmiPrvSE.exe
3480 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
3584 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
3704 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
3716 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
3724 C:\Program Files\Windows Sidebar\sidebar.exe
3736 C:\Windows\ehome\ehtray.exe
3784 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3840 C:\Windows\ehome\ehmsas.exe
3880 C:\Windows\System32\wbem\unsecapp.exe
3892 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
3920 C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\PMVService.exe
3956 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3984 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2968 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4500 C:\Windows\SysWOW64\svchost.exe
4872 C:\Windows\System32\conime.exe
3320 C:\Windows\System32\SearchProtocolHost.exe
3940 C:\Windows\System32\SearchFilterHost.exe
2932 dllhost.exe
1948 dllhost.exe
3440 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000005`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000013`f7800000 (NTFS)

PhysicalDrive2 Model Number: WDC WD1500HLFS-01G6U, Rev: 04.0
PhysicalDrive0 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0
PhysicalDrive1 Model Number: WDC WD6400AAKS-22A7B, Rev: 01.0

      Size  Device Name          MBR Status
  --------------------------------------------
    139 GB  \\.\PhysicalDrive2   RE: Acer MBR code detected
            SHA1: D0A1D48D923816C1D3F4541365161CF9C2B53818
    596 GB  \\.\PhysicalDrive0   RE: Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    596 GB  \\.\PhysicalDrive1   RE: Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
24.01.2011, 22:23 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir reports the Trojan horse TR/Inject.azat
Good. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags
25.01.2011, 01:44 | #15 |
| Antivir reports the Trojan horse TR/Inject.azat
After a small delay, here are the logs now, and from the looks of it the PC is running better than before, even if I don't really have a clue what we did here^^ Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5592

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

25.01.2011 01:38:25
mbam-log-2011-01-25 (01-38-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|J:\|K:\|L:\|)
Durchsuchte Objekte: 317256
Laufzeit: 21 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/25/2011 at 01:09 AM

Application Version : 4.48.1000

Core Rules Database Version : 6264
Trace Rules Database Version: 4076

Scan type       : Complete Scan
Total Scan Time : 01:09:37

Memory items scanned      : 591
Memory threats detected   : 0
Registry items scanned    : 11274
Registry threats detected : 0
File items scanned        : 168556
File threats detected     : 0