| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: sshjnas.dll VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.01.2011, 13:56
| #16 |
 |  sshjnas.dll Virus sorry aber irgendwie weis ich jetzt net was des dann war entweder schritt 3 oder ka kannst du mir vllt helfen was dass war und was ich noch machen muss? |
|
27.01.2011, 16:04
| #17 |
| /// Malwareteam   | sshjnas.dll Virus Schau Dir Schritt 2 an und dann mache dies genau nach Anleitung.
__________________ |
|
29.01.2011, 22:22
| #18 |
| | sshjnas.dll Virus hier die otl Datei von schritt 2
__________________ : All processes killed ========== OTL ========== No active process named hpsysdrv.exe was found! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found. File C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpsysdrv not found. File c:\hp\support\hpsysdrv.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KBD not found. File C:\hp\KBD\KbdStub.exe not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\0x017 not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8501a01e-052c-11df-936a-00235412c360}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8501a01e-052c-11df-936a-00235412c360}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8501a01e-052c-11df-936a-00235412c360}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8501a01e-052c-11df-936a-00235412c360}\ not found. File J:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3df1422-ac47-11de-a4ab-00235412c360}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3df1422-ac47-11de-a4ab-00235412c360}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3df1422-ac47-11de-a4ab-00235412c360}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3df1422-ac47-11de-a4ab-00235412c360}\ not found. File J:\QsSetup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found. File J:\QsSetup.exe not found. File C:\Users\*******\AppData\Local\uvevijuki.dll not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: **** ->Temp folder emptied: 629469 bytes ->Temporary Internet Files folder emptied: 5152715 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 38942309 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 2182 bytes User: Petra ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 602866 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 43,00 mb OTL by OldTimer - Version 3.2.20.6 log created on 01292011_221520 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\TMP000000579A212350659B5A9F not found! Registry entries deleted on Reboot... |
|
29.01.2011, 22:23
| #19 |
| | sshjnas.dll Virus der name da der ist net der richtige also des ist net schlimm dass der da steht |
|
29.01.2011, 22:39
| #20 |
| /// Malwareteam | sshjnas.dll Virus Welcher Name? |
|
29.01.2011, 23:01
| #21 |
| | sshjnas.dll Virus hier schritt 3: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.01.2011 22:48:19 - Run 3 OTL by OldTimer - Version 3.2.20.6 Folder = c:\Users\***\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,63 Gb Total Space | 505,55 Gb Free Space | 86,77% Space Free | Partition Type: NTFS Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.26 16:55:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\***\Downloads\OTL.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.08.30 10:44:20 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2010.07.27 13:40:55 | 000,237,224 | ---- | M] () -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe PRC - [2010.04.25 18:59:24 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe PRC - [2009.11.20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe PRC - [2009.10.11 09:45:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2008.07.09 14:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe ========== Modules (SafeList) ========== MOD - [2011.01.26 16:55:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\***\Downloads\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.05.14 23:03:34 | 000,887,808 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2011.01.12 14:03:37 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.07.27 13:40:55 | 000,237,224 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe -- (RealDesktop Toolbar Helper) SRV - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2010.02.10 18:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.07.09 14:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe -- (accvssvc) SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.12.13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2010.12.13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.03.25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2009.03.25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex) DRV:64bit: - [2009.03.25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2009.03.25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2008.11.18 16:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys -- (gtstusbser_64) DRV:64bit: - [2008.05.14 23:49:44 | 004,436,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2007.06.29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV:64bit: - [2007.01.25 18:31:38 | 000,040,208 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2008.11.18 16:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys -- (gtstusbser_64) DRV - [2005.01.03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPDesktop | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HPDesktop | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - prefs.js..extensions.enabledItems: realdesktop@realdesktop.com:1.7 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0 FF - prefs.js..extensions.enabledItems: {7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}:1.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 09:58:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.21 16:44:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.26 15:03:12 | 000,000,000 | ---D | M] [2010.01.05 09:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.01.29 22:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions [2010.04.27 17:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.06 11:08:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.13 18:11:32 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.10.20 13:04:29 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.03.16 10:42:56 | 000,000,927 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\conduit.xml [2011.01.27 12:13:04 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-1.xml [2010.10.24 20:04:48 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-10.xml [2010.10.30 08:01:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-11.xml [2010.12.21 18:42:26 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-12.xml [2010.03.25 12:35:00 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-2.xml [2010.04.04 13:04:46 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-3.xml [2010.04.15 11:51:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-4.xml [2010.07.12 13:13:12 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-5.xml [2010.07.22 19:11:44 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-6.xml [2010.07.27 21:02:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-7.xml [2010.09.09 09:05:34 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-8.xml [2010.09.20 16:25:09 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-9.xml [2010.03.10 17:24:30 | 000,000,955 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin.xml [2010.10.20 13:04:07 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\sweetim.xml [2011.01.26 15:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.24 00:12:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.22 13:36:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.01.26 15:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.07.11 19:42:30 | 000,000,000 | ---D | M] (Real Desktop Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\realdesktop@realdesktop.com [2011.01.20 20:14:49 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.04.08 03:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll [2010.04.25 18:59:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.07.03 12:36:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.03 12:36:47 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.03 12:36:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.01.29 22:17:30 | 000,002,772 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml [2011.01.29 22:17:30 | 000,002,754 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml.bak [2010.07.03 12:36:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.03 12:36:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop) O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [o2DSLConnectionManager] C:\Program Files (x86)\DSL Connection Manager\o2DSLConnectionManager.exe (AccSys GmbH) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iv31 - ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv41 - ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - ir50_32.dll (Intel Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: VIDC.XFR1 - xfcodec.dll () Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - iyvu9_32.dll () Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.01.26 18:14:23 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.26 16:43:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bereinigung [2011.01.26 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.01.26 16:31:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.01.26 16:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.26 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.26 16:31:15 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.01.26 16:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.01.26 15:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.01.20 20:14:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509} [2011.01.19 18:54:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.01.19 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2011.01.17 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC} [2011.01.17 18:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites [2011.01.17 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Seven Zip [2011.01.17 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.01.17 18:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.01.17 18:11:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.01.17 18:10:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.01.17 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help [2011.01.17 18:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.01.17 18:06:24 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.01.14 16:31:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft [2011.01.07 17:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Disney Imagineering [2011.01.07 17:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Imagineering [2011.01.07 17:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\XPSaveGameDir=Saves [2011.01.07 17:10:11 | 000,000,000 | ---D | C] -- C:\Programme\Disney Imagineering [2011.01.07 15:20:32 | 000,000,000 | ---D | C] -- C:\Phenomedia AG [2011.01.07 15:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Der Planer 3 [2011.01.06 19:30:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SPORE Creature Creator [2011.01.06 19:30:40 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MeinSPORE-Kreationen [2011.01.05 10:44:44 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.01.03 17:51:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tour de Franz [2011.01.03 17:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tour de Franz [2011.01.03 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TourDeFranz [2011.01.03 16:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freibier [2011.01.03 16:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freibier [2010.01.19 20:42:43 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe4F67.dll [2009.10.06 13:51:41 | 000,229,376 | ---- | C] (VoLT, 2010) -- C:\Users\***\AppData\Local\uvevijuki.dll ========== Files - Modified Within 30 Days ========== [2011.01.29 22:38:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.29 22:17:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.29 22:17:22 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.29 22:17:22 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.29 22:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.29 22:11:28 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job [2011.01.26 17:25:16 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.01.26 16:48:46 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.01.26 16:31:20 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.26 14:17:30 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\Rdedokoxaxedako.bin [2011.01.20 20:14:51 | 000,000,120 | ---- | M] () -- C:\Users\***\AppData\Local\Mtano.dat [2011.01.20 05:56:26 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.01.17 18:14:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk [2011.01.15 12:38:50 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.07 17:11:55 | 000,001,078 | ---- | M] () -- C:\Windows\disney.ini [2011.01.07 17:10:48 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Gespeicherte Achterbahnen.lnk [2011.01.07 17:09:38 | 000,000,175 | ---- | M] () -- C:\Windows\disneysy.ini ========== Files Created - No Company Name ========== [2011.01.26 17:25:16 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.01.26 16:48:21 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.01.26 16:31:20 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.20 20:14:51 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Mtano.dat [2011.01.20 20:14:51 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Rdedokoxaxedako.bin [2011.01.17 18:14:04 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk [2011.01.07 17:10:48 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Gespeicherte Achterbahnen.lnk [2011.01.07 17:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini [2011.01.07 17:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini [2010.12.05 14:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll [2010.12.04 16:53:36 | 003,254,976 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI47BA.txt [2010.12.04 16:53:32 | 000,012,490 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI47BA.txt [2010.06.29 18:03:50 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.05.08 10:13:19 | 000,429,170 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI7D79.txt [2010.05.08 10:13:18 | 000,011,192 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI7D79.txt [2010.01.19 20:35:04 | 000,439,726 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI14D8.txt [2010.01.19 20:35:03 | 000,082,666 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI14D8.txt [2010.01.01 14:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll [2009.10.15 19:26:15 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.06 13:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.10.06 13:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.28 17:28:08 | 000,419,556 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI08C2.txt [2009.09.28 17:28:08 | 000,035,698 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI08C2.txt [2009.09.28 17:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI [2009.06.18 15:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll [2009.06.18 15:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2009.01.20 13:17:53 | 000,000,488 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.11.20 21:45:30 | 000,042,320 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.09.12 21:06:31 | 000,003,569 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008.09.12 20:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2008.09.12 20:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2011.01.14 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2010.06.28 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2010.08.06 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.01 16:33:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Football Superstars [2011.01.27 15:58:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.06.28 14:12:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.01.02 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy [2009.05.09 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2010.01.19 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2010.01.19 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup [2011.01.06 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE Creature Creator [2010.05.14 12:40:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica [2009.01.20 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2010.08.30 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2009.01.02 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent [2009.11.20 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch [2011.01.29 22:16:19 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.29 22:11:28 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2008.09.13 06:16:48 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2010.01.01 14:24:08 | 000,000,000 | ---- | M] () -- C:\conmgr.log [2009.06.18 15:16:16 | 000,000,129 | ---- | M] () -- C:\htsetup.err [2005.09.22 23:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2011.01.29 22:17:13 | 312,033,279 | -HS- | M] () -- C:\pagefile.sys [2010.05.25 17:12:02 | 000,001,527 | ---- | M] () -- C:\SoftUpdateLog.txt < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 16:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 16:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 16:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2010.01.08 12:08:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 22:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2008.01.21 04:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 03:50:16 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.21 03:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: WININIT.EXE > [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > |
|
29.01.2011, 23:10
| #22 |
| /// Malwareteam | sshjnas.dll VirusCombofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**  
|
|
30.01.2011, 11:26
| #23 |
| | sshjnas.dll Virus hier die combofix datei: Combofix Logfile: Code:
ATTFilter ComboFix 11-01-29.02 - *** 30.01.2011 11:01:20.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4094.2626 [GMT 1:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\programdata\hpe4F67.dll
c:\users\***\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}
c:\users\***\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}\chrome.manifest
c:\users\***\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}\chrome\content\_cfg.js
c:\users\***\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}\chrome\content\overlay.xul
c:\users\***\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}\install.rdf
c:\users\***\AppData\Local\uvevijuki.dll
c:\windows\system32\jusched.exe
c:\windows\system32\slwga.dll . . . . Nicht in der Lage zu löschen
c:\windows\SysWow64\jusched.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
----- Datei Replikatoren -----
c:\users\***\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
c:\users\***\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
c:\users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
c:\windows\Installer\{0019BCD5-6D1C-6B47-8214-A151D5FCFDDC}\ARPPRODUCTICON.exe
c:\windows\Installer\{014A0EB1-C226-1CAF-7B72-49321CB0E9B3}\ARPPRODUCTICON.exe
c:\windows\Installer\{0AF5BF1B-FFE1-2C85-FDDC-3A44EFD341EC}\ARPPRODUCTICON.exe
c:\windows\Installer\{0BB291F1-BEBA-2530-990B-863B206B1F8A}\ARPPRODUCTICON.exe
c:\windows\Installer\{114C3B4C-CA35-1027-B126-F10DAB0F20B7}\ARPPRODUCTICON.exe
c:\windows\Installer\{11908571-96AB-2B21-EDBE-7852B087E925}\ARPPRODUCTICON.exe
c:\windows\Installer\{1D95A4AF-B4FE-45E5-1518-2A842BA83081}\ARPPRODUCTICON.exe
c:\windows\Installer\{23C7264E-BAA0-73B7-0B7C-BA1CCA40F438}\ARPPRODUCTICON.exe
c:\windows\Installer\{23D2AA7C-FFB2-3271-7568-58D9CE58598F}\ARPPRODUCTICON.exe
c:\windows\Installer\{25468ED2-C4F8-C7EB-5CDB-20D934D6A1F9}\ARPPRODUCTICON.exe
c:\windows\Installer\{277AF855-DF15-BDCA-D570-5B94C5371201}\ARPPRODUCTICON.exe
c:\windows\Installer\{2BEC7DA6-3455-5674-4A0E-09A6777A2C25}\ARPPRODUCTICON.exe
c:\windows\Installer\{2CC86F66-6C15-3D00-F05E-830846CF2393}\ARPPRODUCTICON.exe
c:\windows\Installer\{2DDB9835-EE7B-FF38-084C-EBB81710A5FB}\ARPPRODUCTICON.exe
c:\windows\Installer\{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}\ARPPRODUCTICON.exe
c:\windows\Installer\{35BEB65B-B67C-C104-CE7E-56D71378822D}\ARPPRODUCTICON.exe
c:\windows\Installer\{36D76EB0-F8A6-BD4A-A3C9-B07BE72FF6CD}\ARPPRODUCTICON.exe
c:\windows\Installer\{3700194C-C5DD-439A-BE06-A66960CA4C70}\ARPPRODUCTICON.exe
c:\windows\Installer\{3B7AD0B6-B25D-EB03-5657-E9B3ECBC3C28}\ARPPRODUCTICON.exe
c:\windows\Installer\{3C9DDCA5-D9EF-B431-B7E8-3B2286E92FEE}\ARPPRODUCTICON.exe
c:\windows\Installer\{441BA798-953E-1FF2-F9B8-7D1BED5E3278}\ARPPRODUCTICON.exe
c:\windows\Installer\{4C074190-CE6F-1960-F8BC-B00CF700CAA4}\ARPPRODUCTICON.exe
c:\windows\Installer\{4DDF7B07-6CC5-CEE9-CA52-E95F8547EBC0}\ARPPRODUCTICON.exe
c:\windows\Installer\{56B74948-05CA-C84D-307C-A578F98DAF33}\ARPPRODUCTICON.exe
c:\windows\Installer\{590129B0-8CBD-0C3D-55C6-693C5C910A53}\ARPPRODUCTICON.exe
c:\windows\Installer\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\ARPPRODUCTICON.exe
c:\windows\Installer\{60706F47-9AD7-59C5-2BFF-A747086FE30B}\ARPPRODUCTICON.exe
c:\windows\Installer\{607576AD-A631-77DE-3D8C-3FBA257962D0}\ARPPRODUCTICON.exe
c:\windows\Installer\{61E1C6E3-1793-2F66-B14D-E8899F8F36D7}\ARPPRODUCTICON.exe
c:\windows\Installer\{6F058B03-40A6-3023-ACE4-C031CB5F51E6}\ARPPRODUCTICON.exe
c:\windows\Installer\{6F1D0A3C-3E04-3E6D-2286-1B1900777555}\ARPPRODUCTICON.exe
c:\windows\Installer\{795288DC-2652-44A5-99FD-2ECDF3C633BF}\ARPPRODUCTICON.exe
c:\windows\Installer\{7C0B4269-EFF1-FE99-2298-B5752BBCD1CE}\ARPPRODUCTICON.exe
c:\windows\Installer\{815E4EFD-6A9C-50F5-3C7B-DD5984BF1CBB}\ARPPRODUCTICON.exe
c:\windows\Installer\{8D8637C8-BD8F-71AF-1E15-B4104FDFF6A9}\ARPPRODUCTICON.exe
c:\windows\Installer\{9E3A383E-0AF0-97F3-3FFF-E466DFDD302B}\ARPPRODUCTICON.exe
c:\windows\Installer\{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}\ARPPRODUCTICON.exe
c:\windows\Installer\{A40DD5A8-B549-126F-DEDE-2A0DD11342F0}\ARPPRODUCTICON.exe
c:\windows\Installer\{B03DF1CE-9964-0BCB-A53E-9ABE88B17F60}\ARPPRODUCTICON.exe
c:\windows\Installer\{B04F82E0-C4F2-58B3-C799-FAC82F6F88C1}\ARPPRODUCTICON.exe
c:\windows\Installer\{B0516082-BA15-2ACC-A354-0CA22CFE4CF9}\ARPPRODUCTICON.exe
c:\windows\Installer\{B3891007-20E0-83BB-93F8-3062A2ED39EB}\ARPPRODUCTICON.exe
c:\windows\Installer\{B3DA638A-7AC7-4202-C489-898D8A5AE48B}\ARPPRODUCTICON.exe
c:\windows\Installer\{B593E002-4F0A-2537-AF4D-59C371FCE60F}\ARPPRODUCTICON.exe
c:\windows\Installer\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}\ARPPRODUCTICON.exe
c:\windows\Installer\{B9CB4A55-002A-5FC0-DF39-A5D5FF2F036D}\ARPPRODUCTICON.exe
c:\windows\Installer\{C485E0AA-2176-835B-8555-C08002E8517B}\ARPPRODUCTICON.exe
c:\windows\Installer\{C948C303-C151-B075-DDD6-F69B963B70EF}\ARPPRODUCTICON.exe
c:\windows\Installer\{C9E04998-234A-4ACE-6C91-30F7E8EA735D}\ARPPRODUCTICON.exe
c:\windows\Installer\{CCB5EE8A-8DE8-E4E2-1D3D-31C9CC3519C9}\ARPPRODUCTICON.exe
c:\windows\Installer\{D2299355-97DE-1DBC-98EB-C5F2357F874C}\ARPPRODUCTICON.exe
c:\windows\Installer\{D2C6274D-C3C0-0C1B-5E79-B94843622343}\ARPPRODUCTICON.exe
c:\windows\Installer\{D78C15E3-7648-A466-651C-FB618B3659AD}\ARPPRODUCTICON.exe
c:\windows\Installer\{DC2A30B7-030B-6842-C5D5-AE3D5E7B8ECC}\ARPPRODUCTICON.exe
c:\windows\Installer\{DF18DFB5-A9CC-1A17-9861-2187C1265CD4}\ARPPRODUCTICON.exe
c:\windows\Installer\{E9DA117D-B2B8-9F7D-DBD7-FF2A730FBB8A}\ARPPRODUCTICON.exe
c:\windows\Installer\{F93D2591-8201-4692-BD8D-67A0BFAC9C14}\ARPPRODUCTICON.exe
c:\windows\Installer\{FDC5251B-4139-1DAE-8CCC-20AAC4E5422E}\ARPPRODUCTICON.exe
c:\windows\Installer\{FF063B2A-19DB-C210-C06D-8BBECD7D45B4}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((( Dateien erstellt von 2010-12-28 bis 2011-01-30 ))))))))))))))))))))))))))))))
.
2011-01-30 10:10 . 2011-01-30 10:10 -------- d-----w- c:\users\****\AppData\Local\temp
2011-01-30 10:10 . 2011-01-30 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-29 21:16 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{821CF3CE-40DF-481C-B834-B4D26857A970}\mpengine.dll
2011-01-26 17:14 . 2011-01-26 17:14 -------- d-----w- C:\_OTL
2011-01-26 15:31 . 2011-01-26 15:31 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-01-26 15:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-26 15:31 . 2011-01-26 15:31 -------- d-----w- c:\programdata\Malwarebytes
2011-01-26 15:31 . 2011-01-26 15:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-26 15:31 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-26 14:03 . 2010-11-12 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-26 14:03 . 2010-11-12 17:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-20 19:14 . 2011-01-26 13:17 0 ----a-w- c:\users\***\AppData\Local\Rdedokoxaxedako.bin
2011-01-20 04:04 . 2011-01-20 04:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-01-19 17:54 . 2011-01-19 17:54 -------- d-----w- c:\windows\Sun
2011-01-19 15:51 . 2011-01-19 15:51 -------- d-----w- c:\users\***\AppData\Roaming\Avira
2011-01-17 17:14 . 2011-01-17 17:14 -------- d-----w- c:\programdata\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2011-01-17 17:13 . 2011-01-17 17:13 -------- d-----w- c:\program files (x86)\Activation Assistant for the 2007 Microsoft Office suites
2011-01-17 17:13 . 2011-01-17 17:13 -------- d-----w- c:\users\***\AppData\Local\Seven Zip
2011-01-17 17:11 . 2011-01-17 17:11 -------- d-----w- c:\windows\PCHEALTH
2011-01-17 17:06 . 2011-01-17 17:06 -------- d-----w- c:\users\***\AppData\Local\Microsoft Help
2011-01-17 17:06 . 2011-01-25 17:06 -------- d-----w- c:\programdata\Microsoft Help
2011-01-17 17:06 . 2011-01-17 17:06 -------- d-----r- C:\MSOCache
2011-01-14 15:31 . 2011-01-30 09:08 -------- d-----w- c:\users\***\AppData\Roaming\.minecraft
2011-01-12 13:18 . 2010-12-28 16:08 466944 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 13:18 . 2010-12-28 16:06 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 13:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 13:18 . 2010-12-28 16:06 286720 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 13:18 . 2010-12-28 16:06 278528 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 13:18 . 2010-12-28 16:06 69632 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 13:18 . 2010-12-28 16:06 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 13:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 13:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 13:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 13:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadcs.dll
2011-01-12 13:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 13:11 . 2010-12-14 16:15 1251840 ----a-w- c:\windows\system32\sdclt.exe
2011-01-07 16:12 . 2011-01-07 16:12 -------- d-----w- c:\programdata\Disney Imagineering
2011-01-07 16:10 . 2011-01-07 16:10 -------- d-----w- c:\programdata\XPSaveGameDir=Saves
2011-01-07 16:10 . 2011-01-07 16:10 -------- d-----w- c:\program files\Disney Imagineering
2011-01-07 14:20 . 2011-01-07 14:20 -------- d-----w- C:\Phenomedia AG
2011-01-06 18:30 . 2011-01-06 18:30 -------- d-----w- c:\users\***\AppData\Roaming\SPORE Creature Creator
2011-01-05 09:44 . 2010-12-13 07:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-03 16:50 . 2011-01-03 16:51 -------- d-----w- c:\program files (x86)\TourDeFranz
2011-01-03 15:58 . 2011-01-03 15:58 -------- d-----w- c:\program files (x86)\Freibier
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 07:40 . 2009-09-28 16:31 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-05 13:48 . 2010-12-05 13:48 28160 ----a-w- c:\windows\SysWow64\localuid.dll
2010-12-04 15:53 . 2010-12-04 15:53 431104 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-04 15:53 . 2010-12-04 15:53 116736 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-04 15:53 . 2010-12-04 15:53 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-12-04 15:53 . 2010-12-04 15:53 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-06 11:18 . 2010-12-15 12:21 500224 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:18 . 2010-12-15 12:21 655872 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 11:18 . 2010-12-15 12:21 410112 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 11:18 . 2010-12-15 12:21 855040 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 23:58 . 2010-12-15 12:21 267776 ----a-w- c:\windows\system32\taskeng.exe
2010-11-04 18:55 . 2010-12-15 12:21 352768 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-04 18:55 . 2010-12-15 12:21 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-04 16:34 . 2010-12-15 12:21 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 06:27 . 2010-12-15 12:22 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 06:24 . 2010-12-15 12:22 56832 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 06:23 . 2010-12-15 12:22 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 06:23 . 2010-12-15 12:22 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 06:23 . 2010-12-15 12:22 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 06:01 . 2010-12-15 12:22 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-02 05:57 . 2010-12-15 12:22 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 12:22 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2010-11-02 05:57 . 2010-12-15 12:22 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2010-11-02 05:57 . 2010-12-15 12:22 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2010-11-02 05:25 . 2010-12-15 12:22 479232 ----a-w- c:\windows\system32\html.iec
2010-11-02 05:01 . 2010-12-15 12:22 385024 ----a-w- c:\windows\SysWow64\html.iec
2010-11-02 04:45 . 2010-12-15 12:22 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:44 . 2010-12-15 12:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:26 . 2010-12-15 12:22 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2010-11-02 04:24 . 2010-12-15 12:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4C350B19-6CA1-4569-B14C-296D8D653009}"= "c:\program files (x86)\RealDesktop Toolbar\realdesktoptb.dll" [2010-05-04 1044136]
[HKEY_CLASSES_ROOT\clsid\{4c350b19-6ca1-4569-b14c-296d8d653009}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-11 39408]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-04-25 2937528]
"o2DSLConnectionManager"="c:\program files (x86)\DSL Connection Manager\o2DSLConnectionManager.exe" [2009-04-09 710200]
"Steam"="c:\program files (x86)\steam\steam.exe" [2010-11-17 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2010-08-30 111928]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 dump_wmimmc;dump_wmimmc;c:\fiaa\OPERATION7\GameGuard\dump_wmimmc.sys [x]
R3 gtstusbser_64;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gtstusbser_64.sys [2008-11-18 118016]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S2 accvssvc;AccSys WLAN Control Service;c:\program files (x86)\Common Files\AccSys\AccVSSvc.exe [2008-07-09 131072]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 RealDesktop Toolbar Helper;RealDesktop Toolbar Helper;c:\program files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe [2010-07-27 237224]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-03-08 194048]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2007-06-29 39424]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 14:18]
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01 14:18]
2009-03-28 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-09-12 18:03]
2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"combofix"="c:\combofix\CF7868.cfxxe" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://RealDesktop.toolbaroptions.com/?tmp=toolbar_RealDesktop_homepage&prt=realdesktb04ie&v=15
uLocal Page = hxxp://RealDesktop.toolbaroptions.com/?tmp=toolbar_RealDesktop_homepage&prt=realdesktb04ie&v=15
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Real Desktop Toolbar: realdesktop@realdesktop.com - c:\program files (x86)\Mozilla Firefox\extensions\realdesktop@realdesktop.com
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
Toolbar-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{4C350B19-6CA1-4569-B14C-296D8D653009} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-SAMSUNG CDMA Modem - c:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
AddRemove-SAMSUNG Mobile USB Modem - c:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
AddRemove-SAMSUNG Mobile USB Modem 1.0 - c:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
AddRemove-Vodafone WCDMA Composite Device Drive - c:\windows\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-30 11:22:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-30 10:22
Vor Suchlauf: 13 Verzeichnis(se), 542.739.501.056 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 542.025.285.632 Bytes frei
- - End Of File - - 1C40D15C8925F26170DDD6B192B4AC61
|
|
30.01.2011, 23:36
| #24 |
| /// Malwareteam | sshjnas.dll Virus Wie läuft es? Ich bin bis Mittwoch abwesend. Melde mich dann aber gleich wieder. |
|
31.01.2011, 14:00
| #25 |
| | sshjnas.dll Virus okay alles pallettie |
|
02.02.2011, 16:29
| #26 | |
| /// Malwareteam | sshjnas.dll VirusZitat:
Wie läuft das System? |
|
03.02.2011, 19:02
| #27 |
| | sshjnas.dll Virus ja ich habe bei einem kumpel den real destkop gesehen und habe ihn dann auch heruntergeladen dabei habe ich vergessen die toolbar nicht mit zu installieren. |
|
04.02.2011, 07:38
| #28 |
| /// Malwareteam | sshjnas.dll Virus Und auf die Frage wie das System läuft? |
|
04.02.2011, 15:11
| #29 |
| | sshjnas.dll Virus soweit keine probleme aber muss ich jetzt noch etwas machen oder bin ich offiziell fertig oder besser gesagt ist der Virus unten von meinem pc? |
|
04.02.2011, 21:43
| #30 |
| /// Malwareteam | sshjnas.dll Virus Schritt 1 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
|
|
| Themen zu sshjnas.dll Virus |
| arten, assembly, beim starten, c:\windows, das angegebene modul wurde nicht gefunden, fehlermeldung, gefunde, laden, modul, nicht gefunden, protected, sshnas.dll, starte, starten, system, system32, version, virus, windows |
Textbox.
Linear-Darstellung
