|
Plagegeister aller Art und deren Bekämpfung: Gozi Trojaner, aber auf welchem PC?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.02.2011, 23:24 | #1 |
| Gozi Trojaner, aber auf welchem PC? Hallo, ich habe gestern einen Anruf von meiner Bank erhalten, dass ich mir den Trojaner Gozi zugezogen habe und sie deshalb mein Konto gesperrt haben. Habe dann meinen Vater angerufen und ihn gebeten, meine Passwörter und Zugangsdaten für mein anderes Bankkonto auf seinem Rechner zu ändern und auch das zweite Bankkonto war bereits gesperrt. Auf Anfrage bei der zweiten Bank bestätigte auch diese mir, dass ich mir den Gozi eingefangen habe. Das Problem ist nun, dass ich meinen Kontostand auf mehreren Computern nachgeschaut habe. Zum einen über mein iPhone und über mein MacBook (die sollten ja nicht befallen sein) und dann noch über meinen privaten Laptop und meinen Arbeitslaptop. Habe meinen Arbeitslaptop heute von der IT Abteilung scannen lassen und hinterher hieß es, sie hätten 8 Viren gefunden und darunter wohl auch der Gozi, aber das sei jetzt alles gelöscht. Hab auf meinem Laptop Malwarebytes installiert bekommen, aber laut meiner Recherche im Internet kann man Gozi damit nicht löschen... Gestern habe ich Antivir über meinen privaten Laptop laufen lassen und 2 Funde gehabt, aber kein Gozi. Hab heute Malwarebytes drüber gejagt, aber der hat "nur" den Pup.Dealio gefunden, den ich gelöscht habe. Ich möchte einfach komplett sicher gehen, dass ich den Gozi nicht auf meinem privaten PC habe. Kann mir jemand helfen? Hier mein Malwarebytes log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5679 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 04.02.2011 22:39:11 mbam-log-2011-02-04 (22-39-11).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 142522 Laufzeit: 5 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 8 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: c:\programme\application updater\applicationupdater.exe (PUP.Dealio) -> 696 -> Unloaded process successfully. c:\programme\pdfforge toolbar\searchsettings.exe (PUP.Dealio) -> 2800 -> Unloaded process successfully. Infizierte Speichermodule: c:\programme\pdfforge toolbar\searchsettingsres409.dll (PUP.Dealio) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\PDFFORGE TOOLBAR\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\PDFFORGE TOOLBAR\SEARCHSETTINGS.DLL (PUP.Dealio) -> Value: SEARCHSETTINGS.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\SEARCHSETTINGS@SPIGOT.COM (PUP.Dealio) -> Value: SEARCHSETTINGS@SPIGOT.COM -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programme\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully. c:\programme\pdfforge toolbar\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully. c:\programme\pdfforge toolbar\searchsettingsres409.dll (PUP.Dealio) -> Quarantined and deleted successfully. c:\programme\pdfforge toolbar\searchsettings.dll (PUP.Dealio) -> Quarantined and deleted successfully. c:\programme\pdfforge toolbar\IE\1.1.2\pdfforgetoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully. c:\programme\mozilla firefox\extensions\searchsettings@spigot.com (PUP.Dealio) -> Quarantined and deleted successfully. Kann ein Apple Gerät auch von Gozi befallen sein? Ich danke euch schon jetzt für eure Hilfe Viele Grüße Julie |
06.02.2011, 21:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gozi Trojaner, aber auf welchem PC? Hallo und
__________________Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
07.02.2011, 12:24 | #3 |
| Gozi Trojaner, aber auf welchem PC? Bin gerade auf Arbeit, also hier mal das Malwarebytes log file von meinem Arbeits PC:
__________________Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5674 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/7/2011 8:59:47 AM mbam-log-2011-02-07 (08-59-47).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 191274 Time elapsed: 29 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> Value: 1 -> Delete on reboot. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Delete on reboot. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
07.02.2011, 12:29 | #4 |
| Gozi Trojaner, aber auf welchem PC? Hier der erste log von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/7/2011 12:25:36 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = D:\Documents and Settings\tiemajui\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2962 2962 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 57.14 Gb Free Space | 76.67% Space Free | Partition Type: NTFS Drive D: | 74.52 Gb Total Space | 66.32 Gb Free Space | 89.00% Space Free | Partition Type: NTFS Drive H: | 3.00 Gb Total Space | 2.89 Gb Free Space | 96.33% Space Free | Partition Type: NTFS Drive W: | 599.99 Gb Total Space | 255.02 Gb Free Space | 42.50% Space Free | Partition Type: NTFS Computer Name: DEHER1N1755 | User Name: tiemajui | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Documents and Settings\tiemajui\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Documents and Settings\tiemajui\Application Data\webex\ptsrv.exe (Cisco WebEx LLC) PRC - D:\Documents and Settings\tiemajui\Application Data\webex\ptoneclk.exe (Cisco WebEx LLC) PRC - W:\APP_ADI\sim\sim.exe () PRC - C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (Altiris, Inc.) PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.) PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe (SAP AG, Walldorf) PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.) PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) PRC - C:\Program Files\eRoom 7\ERClient7.exe (EMC) PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.) PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - D:\Documents and Settings\tiemajui\Local Settings\Temp\LogonApp.exe (Websense) ========== Modules (SafeList) ========== MOD - D:\Documents and Settings\tiemajui\Desktop\OTL.exe (OldTimer Tools) MOD - D:\Documents and Settings\tiemajui\Local Settings\Temp\regoute.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\AMInit32.dll (Altiris, Inc.) MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.) MOD - C:\WINDOWS\system32\NetProvCredMan.dll (Intel(R) Corporation) MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Ggl, = hxxp://www.google.com/search?q=%s IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://10.129.10.50/herzo.pac ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://128.1.2.29/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: ocplugin@webex.com:1.1 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://10.129.10.50/herzo.pac" FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 2 [2010/07/12 09:10:37 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\tiemajui\Application Data\Mozilla\Extensions [2011/02/04 10:53:46 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\tiemajui\Application Data\Mozilla\Firefox\Profiles\4166a530.default\extensions [2010/08/27 11:00:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\tiemajui\Application Data\Mozilla\Firefox\Profiles\4166a530.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/11/05 08:11:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/02/07 10:47:47 | 000,000,000 | ---D | M] (ocplugin) -- D:\DOCUMENTS AND SETTINGS\TIEMAJUI\APPLICATION DATA\WEBEX O1 HOSTS File: ([2008/09/10 10:39:00 | 000,000,755 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.127.106.9 hesv1218 O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - D:\Documents and Settings\tiemajui\Application Data\webex\ptonecli.dll (Cisco WebEx LLC) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - D:\Documents and Settings\tiemajui\Application Data\webex\ptonecli.dll (Cisco WebEx LLC) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdiPowerConfig] C:\WINDOWS\System32\Powerset.lnk () O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [QPMEnroll] C:\WINDOWS\system32\QPMEnroll.exe (Quest Software, Inc.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [tsnp2uvc] File not found O4 - HKCU..\Run: [asr_ntfs] D:\Documents and Settings\tiemajui\Local Settings\Temp\regoute.dll () O4 - HKCU..\Run: [PTOneClick] D:\Documents and Settings\tiemajui\Application Data\webex\ptoneclk.exe (Cisco WebEx LLC) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [Shockwave Updater] File not found O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico () O4 - Startup: D:\Documents and Settings\tiemajui\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe (EMC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinters = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = nusrmgr.cpl (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O15 - HKCU\..Trusted Domains: adidas.com ([cm] * in Trusted sites) O15 - HKCU\..Trusted Domains: adidas.de ([]* in Local intranet) O15 - HKCU\..Trusted Domains: adidas.de ([evault] * in Local intranet) O15 - HKCU\..Trusted Domains: adidas.de ([hesv1138] * in Local intranet) O15 - HKCU\..Trusted Domains: adsint.biz ([hesv1138.emea] * in Local intranet) O15 - HKCU\..Trusted Domains: evault ([]* in Local intranet) O15 - HKCU\..Trusted Domains: hesv1138 ([]* in Local intranet) O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} hxxp://cm.adidas.com/projectserver/objects/pjclient.cab (PjAdoInfo3 Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240391599140 (WUWebControl Class) O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257259888629 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} hxxp://cm.adidas.com/projectserver/objects/1033/pjcintl.cab (Pj11enuC Class) O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Java Plug-in 1.5.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.126.193.47 10.127.1.185 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.adsint.biz O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf) O20 - AppInit_DLLs: (AMINIT32.dll) - C:\WINDOWS\System32\AMInit32.dll (Altiris, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (ATGinaHook.dll) - C:\WINDOWS\System32\ATGinaHook.dll (AuthenTec, Inc.) O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited) O24 - Desktop WallPaper: D:\Documents and Settings\tiemajui\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: D:\Documents and Settings\tiemajui\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/07 09:11:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\tiemajui\Desktop\OTL.exe [2011/02/04 14:25:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tiemajui\Application Data\Malwarebytes [2011/02/04 13:33:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/02/04 13:33:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/02/04 13:33:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/02/04 13:33:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/02/04 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/02/04 13:32:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\tiemajui\Desktop\mbam-setup-1.50.1.1100.exe [2011/02/02 13:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2011/01/31 15:34:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tiemajui\Local Settings\Application Data\AskToolbar [2011/01/31 15:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011/01/31 15:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\PicPick [2011/01/31 15:29:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\miTeam [2011/01/31 15:29:01 | 000,000,000 | ---D | C] -- C:\miTeam [2011/01/14 14:38:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\tiemajui\Start Menu\Programs\WebEx [2010/10/12 09:18:02 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll [2010/10/12 09:18:02 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll [2010/10/12 09:18:01 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll [2010/10/12 09:18:01 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx [2010/02/09 14:23:16 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2009/04/22 10:42:34 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/07 12:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/02/07 09:42:54 | 000,146,432 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\MT_country_onboarding_milestones.xls [2011/02/07 09:29:05 | 000,057,344 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\DHL Paket Claim Process.doc [2011/02/07 09:18:16 | 000,001,024 | ---- | M] () -- C:\.rnd [2011/02/07 09:18:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/02/07 09:11:20 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\tiemajui\Desktop\OTL.exe [2011/02/07 08:24:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/02/04 16:04:50 | 000,002,377 | ---- | M] () -- D:\Documents and Settings\tiemajui\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk [2011/02/04 16:00:43 | 000,033,280 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\contact list mi Team expansion.xls [2011/02/04 15:53:44 | 000,015,872 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\Next steps mi Team expansion.xls [2011/02/04 13:33:59 | 000,000,676 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/04 13:32:56 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\tiemajui\Desktop\mbam-setup-1.50.1.1100.exe [2011/02/04 08:24:09 | 000,445,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/02/04 08:24:09 | 000,072,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/02/03 14:55:50 | 002,003,968 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\miTeam expansion.ppt [2011/02/03 08:18:25 | 000,011,688 | RHS- | M] () -- D:\Documents and Settings\tiemajui\ntuser.pol [2011/02/02 13:20:57 | 000,348,672 | ---- | M] () -- D:\Documents and Settings\tiemajui\My Documents\weekly call 2_4.ppt [2011/02/02 12:58:47 | 000,002,359 | ---- | M] () -- D:\Documents and Settings\tiemajui\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk [2011/02/02 08:48:30 | 000,025,600 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\contact list mi Team expansion AU NZ.xls [2011/02/02 08:23:15 | 000,002,317 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2011/02/02 08:20:35 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2011/02/01 13:41:47 | 000,815,616 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\Weekly Progess Update template.ppt [2011/02/01 09:51:49 | 000,002,375 | ---- | M] () -- D:\Documents and Settings\tiemajui\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk [2011/01/31 16:30:26 | 000,176,128 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\Contacts mi adidas.ppt [2011/01/31 15:29:24 | 000,000,453 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Toolkit.lnk [2011/01/27 11:31:43 | 000,152,064 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\miadidas_SOP_miteam order in a non mi adidas.doc [2011/01/25 15:56:02 | 000,023,552 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\contact list mi Team expansion_Russia.xls [2011/01/25 11:35:31 | 001,067,008 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\SOP DHL.doc [2011/01/24 10:31:48 | 001,441,792 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\DHL_trial.xls [2011/01/24 10:31:31 | 003,644,416 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\Template.xls [2011/01/24 08:15:25 | 000,000,002 | ---- | M] () -- D:\Documents and Settings\tiemajui\CL_Part2_Done_tiemajui.flg [2011/01/24 08:13:23 | 000,000,002 | ---- | M] () -- D:\Documents and Settings\tiemajui\CL_Part1_Done_tiemajui.flg [2011/01/19 16:13:31 | 000,041,472 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\DHL claim form.doc [2011/01/14 16:25:33 | 012,500,992 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\FW_FedEx2010.xls [2011/01/14 16:16:05 | 000,046,592 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\DEC 2010 results FW.xls [2011/01/14 14:38:00 | 000,001,924 | ---- | M] () -- D:\Documents and Settings\tiemajui\Desktop\WebEx One-Click.lnk [2011/01/13 08:15:10 | 000,350,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/01/12 11:12:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/02/07 09:18:15 | 000,001,024 | ---- | C] () -- C:\.rnd [2011/02/04 15:53:44 | 000,015,872 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\Next steps mi Team expansion.xls [2011/02/04 13:33:59 | 000,000,676 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/02 13:20:57 | 000,348,672 | ---- | C] () -- D:\Documents and Settings\tiemajui\My Documents\weekly call 2_4.ppt [2011/02/02 08:48:30 | 000,025,600 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\contact list mi Team expansion AU NZ.xls [2011/02/01 15:54:04 | 000,146,432 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\MT_country_onboarding_milestones.xls [2011/02/01 13:41:47 | 000,815,616 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\Weekly Progess Update template.ppt [2011/02/01 10:40:01 | 000,057,344 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\DHL Paket Claim Process.doc [2011/01/31 15:33:01 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/01/31 15:29:24 | 000,000,453 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Toolkit.lnk [2011/01/27 11:31:43 | 000,152,064 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\miadidas_SOP_miteam order in a non mi adidas.doc [2011/01/25 16:20:57 | 001,067,008 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\SOP DHL.doc [2011/01/25 15:56:02 | 000,023,552 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\contact list mi Team expansion_Russia.xls [2011/01/24 10:31:48 | 001,441,792 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\DHL_trial.xls [2011/01/24 09:07:28 | 012,500,992 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\FW_FedEx2010.xls [2011/01/24 09:07:23 | 030,732,288 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\FW_DHL2010.xls [2011/01/24 09:07:23 | 000,046,592 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\DEC 2010 results FW.xls [2011/01/24 09:06:46 | 003,644,416 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\Template.xls [2011/01/24 08:15:25 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\tiemajui\CL_Part2_Done_tiemajui.flg [2011/01/24 08:13:23 | 000,000,002 | ---- | C] () -- D:\Documents and Settings\tiemajui\CL_Part1_Done_tiemajui.flg [2011/01/19 16:13:31 | 000,041,472 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\DHL claim form.doc [2011/01/17 14:08:40 | 002,003,968 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\miTeam expansion.ppt [2011/01/14 14:38:00 | 000,001,924 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\WebEx One-Click.lnk [2011/01/14 14:27:39 | 000,033,280 | ---- | C] () -- D:\Documents and Settings\tiemajui\Desktop\contact list mi Team expansion.xls [2010/10/12 09:18:01 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt [2010/10/12 09:18:01 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt [2010/10/12 09:16:05 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2010/10/12 09:16:04 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2010/10/12 09:16:04 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2010/10/12 09:16:04 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2010/10/12 09:16:04 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2010/10/06 07:57:51 | 000,022,990 | ---- | C] () -- C:\WINDOWS\sapLogon.ini [2010/09/08 13:05:44 | 000,000,664 | ---- | C] () -- D:\Documents and Settings\tiemajui\Local Settings\Application Data\d3d9caps.dat [2010/07/08 10:41:36 | 000,003,584 | ---- | C] () -- D:\Documents and Settings\tiemajui\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/07 14:10:10 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010/05/31 08:52:24 | 000,024,596 | ---- | C] () -- D:\Documents and Settings\tiemajui\Application Data\ItDb.enc.bak [2010/05/31 08:52:24 | 000,000,048 | ---- | C] () -- D:\Documents and Settings\tiemajui\Application Data\ItDb.enc [2010/02/09 14:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\client.INI [2010/02/09 14:25:51 | 004,184,169 | ---- | C] () -- C:\WINDOWS\System32\GCITA.dll [2010/02/09 14:23:16 | 001,754,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2010/02/09 14:23:16 | 000,028,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2010/02/09 14:23:16 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2009/07/08 12:49:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2009/04/22 10:52:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll [2009/04/21 23:06:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsedit.INI [2008/11/24 16:25:16 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll [2008/10/23 14:47:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2008/10/23 10:43:24 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/10/23 10:43:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/10/23 09:35:35 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/10/23 09:24:39 | 000,001,747 | ---- | C] () -- C:\WINDOWS\SAPMSG.INI [2008/10/23 09:21:40 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll [2008/10/22 13:47:40 | 000,000,482 | ---- | C] () -- C:\WINDOWS\System32\profil.ini [2008/10/22 13:47:39 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\grantACL.ini [2008/10/20 14:46:35 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys [2008/10/20 14:22:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/10/20 14:19:27 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2008/10/20 14:16:52 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2008/10/20 14:16:52 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/10/20 14:13:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/10/20 14:13:59 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/10/20 14:13:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/10/20 14:13:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/10/20 14:13:59 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/10/20 14:13:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/10/20 14:10:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll [2008/10/20 14:07:42 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008/08/29 21:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008/08/29 21:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006/04/30 08:31:51 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 08:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/30 01:04:28 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005/11/15 14:32:22 | 000,003,638 | R--- | C] () -- C:\Program Files\Common Files\Altiris_Icon.ico [2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1998/06/08 08:00:00 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\GETUSER.DLL [1998/06/01 08:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1998/06/01 08:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL < End of report > |
07.02.2011, 12:30 | #5 |
| Gozi Trojaner, aber auf welchem PC? Und der zweite:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 2/7/2011 12:25:36 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = D:\Documents and Settings\tiemajui\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2962 2962 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 57.14 Gb Free Space | 76.67% Space Free | Partition Type: NTFS Drive D: | 74.52 Gb Total Space | 66.32 Gb Free Space | 89.00% Space Free | Partition Type: NTFS Drive H: | 3.00 Gb Total Space | 2.89 Gb Free Space | 96.33% Space Free | Partition Type: NTFS Drive W: | 599.99 Gb Total Space | 255.02 Gb Free Space | 42.50% Space Free | Partition Type: NTFS Computer Name: DEHER1N1755 | User Name: tiemajui | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] "Enabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List] "1680:TCP:128.0.0.0/8,10.0.0.0/8:enabled:Carbon Copy" = 1680:TCP:128.0.0.0/8,10.0.0.0/8:enabled:Carbon Copy [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 1 "AllowInboundRouterRequest" = 0 "AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging] "LogDroppedPackets" = 1 "LogSuccessfulConnections" = 0 "LogFilePath" = d:\firewall.log "LogFileSize" = 16000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings] "Enabled" = 1 "RemoteAddresses" = * [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint] "Enabled" = 1 "RemoteAddresses" = * [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop] "Enabled" = 1 "RemoteAddresses" = * [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 1 "AllowInboundRouterRequest" = 0 "AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging] "LogDroppedPackets" = 1 "LogSuccessfulConnections" = 0 "LogFilePath" = d:\firewall.log "LogFileSize" = 16000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Altiris\AClient\AClntUsr.EXE" = C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000000-0000-5000-0000-0000836BD2D2}" = Microsoft Dynamics NAV 5.0 CSIDE Client "{00000000-0001-3700-0000-0000836BD2D2}" = Microsoft Business Solutions-Navision 3.70.B "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{123260D2-F148-11D0-BA76-00A024E16E89}" = eRoom 7 Client "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{148D9D03-5D23-4D4F-B5D0-BA6030C45DCF}" = Adobe Flash Player 10 ActiveX "{155FBB0D-0EE9-42D1-9E41-15E08F691033}" = Microsoft Producer for Microsoft Office PowerPoint 2003 "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2851123E-5786-41BE-A3F1-A9B21E499EEB}" = Altiris Task Synchronization Agent "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14 "{332454D8-73B0-4b4a-954C-D96089CD898A}" = Altiris Carbon Copy Solution Agent "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FE3EDA-0C18-48DE-934B-D9862F82A7A8}" = McAfee Agent "{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps "{38B72BA2-3A5E-11DA-8BDE-F66BAD1E3F3A}" = Microsoft Visual FoxPro 9.0 Runtime "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera "{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software "{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help "{72FB1F3A-33BE-4C7F-9727-3AA2EAF861B0}" = Symantec Enterprise Vault Outlook Add-In "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007 "{A0A1EB01-A6FD-423A-8480-364055A7C961}" = Altiris Software Delivery Solution Agent "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0 "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C090B793-75D4-4284-8469-0194660A2703}" = Aurigma Image Uploader 4.1 Redistributable "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C18827CA-81DB-4D81-BCD6-261FC0E093C4}" = Quest Secure Password Extension "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E2284E87-D67C-4AC3-BCCB-C4F711A041A9}" = RMS Apparel & Accessories "{E444F7DA-C812-4E71-B8C1-FFC5E6D1528F}" = Microsoft Office Communicator 2007, MUI "{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007 "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{EC9D3EAB-6A46-451F-ACC9-285F6C144849}" = WebEx Productivity Tools "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel(R) PROSet/Wireless WiFi Software "{FC350782-8982-4BBE-B9BA-B474CCDC935A}" = Altiris Application Metering Agent "96c7f2a82b0c6a2ce4b0ca95e1002af0" = Sybase Adaptive Server Enterprise PC Client "A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37) "Access8.0" = Microsoft Access 97 "ActiveTouchMeetingClient" = WebEx "adidas" = adidas Screen Saver "adidas_screensaver_v0102" = adidas_screensaver_v0102 "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Altiris Carbon Copy Solution Agent " = Altiris Carbon Copy Solution Agent 6.2 "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "HDMI" = Intel(R) Graphics Media Accelerator Driver "HECI" = Intel(R) Management Engine Interface "ie8" = Windows Internet Explorer 8 "ITPM" = Intel® Trusted Platform Module "LENOVO.SMIIF" = Lenovo System Interface Driver "Lookout" = Lookout "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module "MESOL" = Intel® Active Management Technology "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Office8.0" = Microsoft Office 97, Professional Edition "OnScreenDisplay" = On Screen Display "PCMCIAPW" = ThinkPad PC Card Power Policy "PicPick" = PicPick "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "PROSet" = Intel(R) Network Connections Drivers "SAPBI" = SAP Business Explorer "SAPGUI710" = SAP GUI 7.10 "SnaClient" = Microsoft SNA Server NT Client "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > |
07.02.2011, 12:32 | #6 |
| Gozi Trojaner, aber auf welchem PC? Heute Abend kommen dann die entsprechenden Infos von meinem PC zu Hause. Denke aber eher, dass es der von der Arbeit ist. Wobei ich Gozi auf keinem finden konnte... Klaut Gozi auch meine Passwörter für Sachen wie facebook, email accounts etc? DANKE :-) |
07.02.2011, 14:20 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gozi Trojaner, aber auf welchem PC? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O4 - HKCU..\Run: [asr_ntfs] D:\Documents and Settings\tiemajui\Local Settings\Temp\regoute.dll () O4 - HKLM..\Run: [] File not found :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
07.02.2011, 15:23 | #8 |
| Gozi Trojaner, aber auf welchem PC? kurze Frage: wie lange dauert dieser OLT fix? das Programm sagt jetzt bestimmt schon ne halbe Stunde lang "resetting HOSTS file. Do Not Interrupt..." ist das normal? |
07.02.2011, 15:34 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gozi Trojaner, aber auf welchem PC? Warte noch ein bisschen ab.
__________________ Logfiles bitte immer in CODE-Tags posten |
07.02.2011, 18:34 | #10 |
| Gozi Trojaner, aber auf welchem PC? Das mit dem OLT Fix hat auf Arbeit nicht geklappt... kann es daran liegen, dass ich auf dem PC keine admin Rechte habe? Kannst du aus den anderen logs schon was erkennen? Ich mache dann jetzt mal weiter mit meinem privaten laptop... |
07.02.2011, 22:25 | #11 |
| Gozi Trojaner, aber auf welchem PC? Hier der Malwarebytes log vom Wochenende, wo ich auf meinem privaten Laptop ein paar Funde hatte und dann noch der von heute, wo alles sauber scheint: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5685 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 06.02.2011 02:41:51 mbam-log-2011-02-06 (02-41-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 220419 Laufzeit: 38 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 8 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP200\A0070773.exe (PUP.Dealio) -> Quarantined and deleted successfully. c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP200\A0070774.exe (PUP.Dealio) -> Quarantined and deleted successfully. c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP200\A0070775.dll (PUP.Dealio) -> Quarantined and deleted successfully. c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP200\A0070776.dll (PUP.Dealio) -> Quarantined and deleted successfully. c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP200\A0070780.dll (PUP.Dealio) -> Quarantined and deleted successfully. c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP201\A0070798.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully. c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP201\A0070801.rbf (PUP.Dealio) -> Quarantined and deleted successfully. c:\system volume information\_restore{ef710d4b-86a7-4635-8138-e81d2fbee8c6}\RP201\A0070802.rbf (PUP.Dealio) -> Quarantined and deleted successfully. Und nun von heute: Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 220028 Laufzeit: 39 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
07.02.2011, 22:38 | #12 |
| Gozi Trojaner, aber auf welchem PC? Die OLT logs von meinem privaten laptop:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.02.2011 22:27:16 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Dokumente und Einstellungen\Jules\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.013,00 Mb Total Physical Memory | 531,00 Mb Available Physical Memory | 52,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,40 Gb Total Space | 10,28 Gb Free Space | 15,49% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 2,25 Gb Free Space | 27,70% Space Free | Partition Type: FAT32 Computer Name: JULIE | User Name: Jules | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Jules\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\System Control Manager\MSIService.exe () PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) PRC - C:\WINDOWS\system32\PSIService.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Jules\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe () SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe () SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.) DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.08 11:32:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2011.02.07 18:40:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2010.12.23 08:18:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2010.12.23 08:18:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.13 22:40:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.23 13:29:33 | 000,000,000 | ---D | M] [2008.07.05 13:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Extensions [2011.02.07 22:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Firefox\Profiles\rwl5naot.default\extensions [2010.10.09 18:57:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Firefox\Profiles\rwl5naot.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.05 16:24:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Firefox\Profiles\rwl5naot.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2008.11.17 15:43:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Firefox\Profiles\rwl5naot.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2011.01.22 15:33:05 | 000,000,000 | ---D | M] (vShare) -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Firefox\Profiles\rwl5naot.default\extensions\vshare@toolbar [2011.02.03 21:36:21 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Firefox\Profiles\rwl5naot.default\searchplugins\icqplugin.xml [2011.01.22 15:34:05 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Mozilla\Firefox\Profiles\rwl5naot.default\searchplugins\web-search.xml [2011.02.04 23:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.02.07 18:40:31 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAMME\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2010.12.23 08:18:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2010.12.23 08:18:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.11.06 10:06:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.06 10:06:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.06 10:06:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.06 10:06:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.06 10:06:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (no name) - {BADE7EA1-0C0D-42DA-A1C3-D7CE743823DF} - File not found O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Programme\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) O4 - HKLM..\Run: [RemoteControl] C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [toolbar_eula_launcher] File not found O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211625236765 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (bacpbx.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jules\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jules\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.24 10:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun\command - "" = E:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.04 22:26:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.02.04 22:26:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.02.04 22:26:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.02.04 22:26:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.03 17:43:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2011.02.03 17:22:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011.01.27 20:33:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Avira [2011.01.20 21:31:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2011.01.20 21:30:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2011.01.20 21:26:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jules\Lokale Einstellungen\Anwendungsdaten\Temp [2011.01.20 21:26:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2011.01.20 21:26:04 | 000,000,000 | ---D | C] -- C:\Programme\Google [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.07 22:31:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.02.07 21:31:09 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.02.07 21:30:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.02.07 21:30:19 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys [2011.02.07 18:25:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.02.04 22:26:36 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.27 14:07:26 | 001,436,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Jules\Desktop\Handbuch_FRITZBox_SL_WLAN.pdf [2011.01.16 20:19:49 | 000,032,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Jules\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.04 22:26:36 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.27 14:07:26 | 001,436,304 | ---- | C] () -- C:\Dokumente und Einstellungen\Jules\Desktop\Handbuch_FRITZBox_SL_WLAN.pdf [2011.01.20 21:26:22 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.01.20 21:26:21 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.11.05 23:41:05 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini [2010.11.05 23:41:05 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini [2010.11.05 23:40:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009.03.06 19:07:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.11.10 19:06:25 | 001,961,713 | -HS- | C] () -- C:\WINDOWS\System32\nijhxjay.ini [2008.11.10 03:50:41 | 001,955,780 | -HS- | C] () -- C:\WINDOWS\System32\auyqhjyg.ini [2008.11.10 03:47:38 | 000,506,169 | -HS- | C] () -- C:\WINDOWS\System32\iSYcdccf.ini2 [2008.11.10 03:47:38 | 000,506,169 | -HS- | C] () -- C:\WINDOWS\System32\iSYcdccf.ini [2008.07.05 14:28:17 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.07.04 22:48:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos.INI [2008.07.04 22:37:46 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Jules\Anwendungsdaten\Default.PLS [2008.07.04 22:37:45 | 000,032,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Jules\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.10 10:51:34 | 006,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll [2008.05.25 08:46:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.05.24 17:36:41 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2008.05.24 17:36:39 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008.05.24 17:29:54 | 000,000,361 | ---- | C] () -- C:\WINDOWS\WISO.INI [2008.05.24 11:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.24 11:07:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2008.05.24 10:46:30 | 000,001,088 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.05.24 10:38:53 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006.02.09 13:46:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.02.2011 22:27:16 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Dokumente und Einstellungen\Jules\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.013,00 Mb Total Physical Memory | 531,00 Mb Available Physical Memory | 52,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,40 Gb Total Space | 10,28 Gb Free Space | 15,49% Space Free | Partition Type: NTFS Drive D: | 8,12 Gb Total Space | 2,25 Gb Free Space | 27,70% Space Free | Partition Type: FAT32 Computer Name: JULIE | User Name: Jules | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.) "C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- () "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel "{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda Standard V5.7.2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe "{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D92514-CD5D-4E96-BE88-8258EB9BF85A}" = Azurewave Wireless LAN "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Designer 2.0_is1" = Designer 2.0 "DivX Setup.divx.com" = DivX-Setup "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "ENTERPRISE" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HotspotShield" = Hotspot Shield 1.07 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "SopCast" = SopCast 3.0.3 "SUPER ©" = SUPER © Version 2010.bld.41 (Oct 31, 2010) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVAnts 1.0" = TVAnts 1.0 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar "ZoneAlarm" = ZoneAlarm "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.02.2011 01:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 02:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 03:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 04:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 16:31:07 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 17:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 18:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 19:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 20:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = Error - 05.02.2011 21:31:05 | Computer Name = JULIE | Source = Google Update | ID = 20 Description = [ System Events ] Error - 07.02.2011 17:34:18 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:19 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:20 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:21 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:22 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:23 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:24 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:25 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:26 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant Error - 07.02.2011 17:34:27 | Computer Name = JULIE | Source = Service Control Manager | ID = 7003 Description = Der Dienst "TrueVector Internet Monitor" ist von folgendem, nicht vorhandenem Dienst abhängig: vsdatant < End of report > Soll ich hier jetzt auch den Fix vornehmen? |
08.02.2011, 08:49 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gozi Trojaner, aber auf welchem PC? Oh, die fehlenden Adminrechte sind mir garnicht aufgefallen Ohne die kann man nicht vernünftig bereinigen oder analysieren
__________________ Logfiles bitte immer in CODE-Tags posten |
08.02.2011, 10:03 | #14 |
| Gozi Trojaner, aber auf welchem PC? Macht nix, dann konzentrieren wir uns einfach auf meinen privat PC. Hab dir da die Malwarebytes log files und die OLT log files angehängt. Muss ich da jetzt auch so nen OLT Fix machen? Kannst du denn sehen, ob auf beiden PCs der Gozi ist oder auf welchem er ist? |
08.02.2011, 10:26 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gozi Trojaner, aber auf welchem PC? Machst du jetzt Logs von verschiedenen PCs hier rein? Sry, das will ich nicht, dann kommt man vollends durcheinander. Mach für den anderen Rechner einen separaten Strang auf. Und die Arbeitskiste müssen deine Kollegen aus der EDV machen, die sind dafür auch primät zuständig!
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Gozi Trojaner, aber auf welchem PC? |
.com, .dll, antivir, browser, computer, computern, dateien, explorer, firefox, frage, gesperrt, gozi trojaner, gozitrojaner, helper, internet, konto gesperrt, kontosperrung, log, malwarebytes, microsoft, mozilla, pdfforge toolbar, problem, programme, scan, searchsettings.dll, software, system, trojaner, viren, ändern |