08.02.2011, 09:27 | #1

Redirect to Gomeo and others, computer slow, internet connection slow -> panic

Dear board team,

Yesterday evening I was browsing a number of boards and blogs (research) as well as sites like gutefrage.net and others that were stuffed full of pop-ups. At one moment I briefly saw a command prompt window flash up, and from then on the sh*t hit the fan.

- redirects occurred, mainly to Gomeo (but also to other sites)
- the computer now runs sluggishly, and pages load only slowly, above all in IE (but also in Firefox)
- in addition, two files have been running in the background since then: csrss.exe and dwm.exe -> both are normally services and run under the SYSTEM user; these, however, are not located in the corresponding system folders but elsewhere on the disk; attempts to delete them were unsuccessful
- Spybot reports the detections Win32.Fakealert.ttam and Win32.Palevo; neither can be removed (and they reappear)
- AntiVir reports numerous further detections (but not always the same ones)
- the "hosts" file contained numerous entries relating to AntiVir's update servers, which I removed

The operating system is Windows Vista 32. Following the instructions here in the forum, I took no steps of my own but ran the Anti-Malware scan, with the following result:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5709

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

08.02.2011 09:08:35
mbam-log-2011-02-08 (09-08-35).txt

Scan type: Quick scan
Objects scanned: 147492
Time elapsed: 2 minute(s), 14 second(s)

Memory processes infected: 2
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 3
Registry data items infected: 1
Folders infected: 0
Files infected: 3

Memory processes infected:
c:\Users\Andreas\AppData\Roaming\microsoft\conhost.exe (Trojan.Downloader) -> 3804 -> Unloaded process successfully.
d:\Temp\csrss.exe (Trojan.Agent) -> 2104 -> Unloaded process successfully.

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Downloader) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Registry data items infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (D:\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders infected:
(No malicious items detected)

Files infected:
c:\Users\Andreas\AppData\Roaming\microsoft\conhost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Andreas\AppData\Roaming\mdjaw.dat (Malware.Trace) -> Quarantined and deleted successfully.
d:\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Immediately after the reboot, internet access with IE did not work. Reason: something had ticked "Access via proxy server". After this reboot the system SEEMS clean, but I don't trust the calm. It also still feels "sluggish". The two suspicious files, however, currently no longer show up in Task Manager.

As per the instructions, here are the OTL logs:

1.) OTL.txt

Code:
OTL logfile created on: 08.02.2011 09:19:49 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Andreas\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 25,39 Gb Total Space | 2,95 Gb Free Space | 11,62% Space Free | Partition Type: NTFS
Drive D: | 86,40 Gb Total Space | 3,27 Gb Free Space | 3,78% Space Free | Partition Type: NTFS
Drive E: | 7,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 149,05 Gb Total Space | 4,45 Gb Free Space | 2,99% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.08 09:16:51 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2010.12.23 13:16:45 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Programme\AntiVir\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.14 14:04:48 | 000,653,120 | ---- | M] (TuneUp Software) -- D:\Programme\TuneUp Utilities\TuneUpUtilitiesApp32.exe
PRC - [2010.12.14 14:03:16 | 001,517,376 | ---- | M] (TuneUp Software) -- D:\Programme\TuneUp Utilities\TuneUpUtilitiesService32.exe
PRC - [2010.11.27 09:49:38 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Programme\AntiVir\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.27 09:49:38 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Programme\AntiVir\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.17 06:32:57 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Programme\Steam\Steam.exe
PRC - [2010.10.16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Programme\AntiVir\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (SafeList) ==========

MOD - [2011.02.08 09:16:51 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.12.23 13:16:45 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\AntiVir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.14 14:03:16 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Programme\TuneUp Utilities\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 14:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.27 09:49:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\AntiVir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2010.12.23 13:16:47 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Programme\TuneUp Utilities\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.27 09:49:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.16 19:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.08.18 18:56:01 | 000,076,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV84.sys -- (SSHDRV84)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.31 00:43:28 | 000,260,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.10 20:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.04.10 20:39:00 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009.03.30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.11.05 22:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.10.11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.07.29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008.01.21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF D1 2A EB F6 19 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55414

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.01.08 17:51:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.01.08 17:51:00 | 000,000,000 | ---D | M]

[2010.07.02 20:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2011.02.07 23:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\6cdvyhny.default\extensions
[2010.07.02 20:50:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\6cdvyhny.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.02 20:58:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\6cdvyhny.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.25 14:53:51 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\6cdvyhny.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.07 23:01:22 | 000,001,056 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\6cdvyhny.default\searchplugins\icqplugin.xml
[2010.07.02 20:59:43 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2011.02.07 23:09:06 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] D:\Programme\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 83.169.186.97
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O27 - HKLM IFEO\3gpplayer.exe: Debugger - "D:\Programme\TuneUp Utilities\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\cdbxpp.exe: Debugger - "D:\Programme\TuneUp Utilities\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - "D:\Programme\TuneUp Utilities\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - "D:\Programme\TuneUp Utilities\TUAutoReactivator32.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 08:39:16 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2008.01.25 21:10:40 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.03.06 07:42:11 | 000,165,136 | R--- | M] (Electronic Arts Inc.) - E:\autorun.exe -- [ UDF ]
O33 - MountPoints2\{31d895e7-85d8-11df-9759-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{31d895e7-85d8-11df-9759-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008.03.06 07:42:11 | 000,165,136 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{3699fe11-de00-11df-9061-002219df9ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{3699fe11-de00-11df-9061-002219df9ca9}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.08 09:18:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.02.08 09:03:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2011.02.08 09:03:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.08 09:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.08 09:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.08 09:03:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.07 22:17:04 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.02.07 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Anti-Malware
[2011.02.07 18:30:56 | 000,118,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe
[2011.02.07 18:30:55 | 004,280,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3dx9d_41.dll
[2011.02.07 18:30:55 | 003,795,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9d_33.dll
[2011.02.07 18:30:55 | 002,650,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9d.dll
[2011.02.07 18:30:55 | 001,063,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite_beta.dll
[2011.02.07 18:30:55 | 000,931,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudioD2_4.dll
[2011.02.07 18:30:55 | 000,842,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D2D1_beta.dll
[2011.02.07 18:30:55 | 000,799,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10WARP_beta.dll
[2011.02.07 18:30:55 | 000,518,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11_beta.dll
[2011.02.07 18:30:55 | 000,497,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX10d_41.dll
[2011.02.07 18:30:55 | 000,492,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11SDKLayers.dll
[2011.02.07 18:30:55 | 000,492,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D11Ref.dll
[2011.02.07 18:30:55 | 000,492,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXGI_beta.dll
[2011.02.07 18:30:55 | 000,491,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10Level9_beta.dll
[2011.02.07 18:30:55 | 000,441,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10SDKLayers.DLL
[2011.02.07 18:30:55 | 000,428,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineA3_4.dll
[2011.02.07 18:30:55 | 000,355,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10Ref.DLL
[2011.02.07 18:30:55 | 000,348,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dref9.dll
[2011.02.07 18:30:55 | 000,343,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XactEngineD3_4.dll
[2011.02.07 18:30:55 | 000,233,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX11_41.dll
[2011.02.07 18:30:55 | 000,225,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10_1core_beta.dll
[2011.02.07 18:30:55 | 000,168,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3D10_1_beta.dll
[2011.02.07 18:30:55 | 000,125,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFXD1_3.dll
[2011.02.07 18:30:55 | 000,045,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudioD1_6.dll
[2011.02.07 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (March 2009)
[2011.02.07 17:48:54 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.07 17:48:52 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.02.06 13:30:46 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\Command & Conquer 3 Kanes Rache
[2011.02.06 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2011.02.04 15:30:13 | 000,000,000 | RH-D | C] -- C:\Users\Andreas\AppData\Roaming\SecuROM
[2011.01.29 09:51:56 | 000,000,000 | ---D | C] -- C:\Programme\EA Games
[2011.01.21 19:53:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011.01.21 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\APOX
[2011.01.21 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\APOX
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.08 09:18:40 | 002,242,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.08 09:18:40 | 001,167,118 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.08 09:18:40 | 000,665,190 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.08 09:18:40 | 000,589,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.08 09:16:51 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
[2011.02.08 09:11:13 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 09:11:13 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 09:11:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.08 09:10:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.08 09:05:04 | 000,021,717 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\F7AA.322
[2011.02.08 09:03:38 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.08 08:28:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.07 21:57:24 | 000,000,148 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.07 18:29:05 | 000,118,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\dxsdkuninst.exe
[2011.02.07 17:12:38 | 000,178,688 | ---- | M] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.07 17:12:07 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.02.07 17:06:03 | 000,000,008 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\kuhzmn.dat
[2011.02.06 18:57:45 | 000,014,848 | ---- | M] () -- C:\Users\Andreas\Desktop\Bericht 2011-01.doc
[2011.02.04 18:40:21 | 000,000,706 | ---- | M] () -- C:\Users\Andreas\Desktop\DVDs Biologie.lnk
[2011.02.02 22:21:16 | 000,000,577 | ---- | M] () -- C:\Users\Andreas\Desktop\Marke Berliner.lnk
[2011.01.30 09:36:10 | 000,252,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.14 18:13:28 | 000,059,710 | ---- | M] () -- C:\Users\Andreas\Desktop\VP-Internetliste-30000-39999.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.08 09:03:38 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.07 17:43:54 | 000,000,148 | ---- | C] () -- C:\Windows\wininit.ini
[2011.02.07 17:11:08 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.02.07 17:06:05 | 000,021,717 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\F7AA.322
[2011.02.07 17:06:03 | 000,000,008 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\kuhzmn.dat
[2011.02.06 13:28:04 | 000,000,614 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kanes Wrath.lnk
[2011.02.04 18:40:21 | 000,000,706 | ---- | C] () -- C:\Users\Andreas\Desktop\DVDs Biologie.lnk
[2011.02.02 22:21:16 | 000,000,577 | ---- | C] () -- C:\Users\Andreas\Desktop\Marke Berliner.lnk
[2011.01.29 12:41:36 | 000,014,848 | ---- | C] () -- C:\Users\Andreas\Desktop\Bericht 2011-01.doc
[2011.01.14 18:13:28 | 000,059,710 | ---- | C] () -- C:\Users\Andreas\Desktop\VP-Internetliste-30000-39999.pdf
[2011.01.01 16:02:27 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.01 16:01:14 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2010.12.13 19:53:07 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.20 09:28:44 | 000,000,095 | ---- | C] () -- C:\Users\Andreas\AppData\Local\fusioncache.dat
[2010.08.18 18:56:01 | 000,076,800 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV84.sys
[2010.07.02 22:53:33 | 000,022,328 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\PnkBstrK.sys
[2010.07.02 21:05:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.07.02 20:16:12 | 000,029,239 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\UserTile.png
[2010.07.02 20:06:34 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.07.02 18:46:34 | 000,178,688 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.02 16:36:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.02 13:57:24 | 000,000,680 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2011.01.02 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\.minecraft
[2011.02.06 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\APOX
[2010.08.12 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Canneverbe Limited
[2011.02.06 13:30:18 |
000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Command & Conquer 3 Kanes Rache [2010.11.25 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DVDVideoSoft [2011.02.07 10:27:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\foobar2000 [2010.11.25 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FreeFLVConverter [2010.12.09 07:21:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\GetRightToGo [2011.02.07 15:29:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ [2010.08.11 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mael [2010.12.29 15:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Mount&Blade [2010.07.02 21:23:50 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2010.07.02 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PeerNetworking [2010.07.08 22:22:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SimpleScreenshot [2010.08.14 15:03:38 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Soldat [2011.01.02 13:54:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software [2010.12.10 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ZombieDriver [2011.02.07 17:12:07 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.02.08 09:09:04 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.02.2011 09:19:49 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Andreas\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): c:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 25,39 Gb Total Space | 2,95 Gb Free Space | 11,62% Space Free | Partition Type: NTFS Drive D: | 86,40 Gb Total Space | 3,27 Gb Free Space | 3,78% Space Free | Partition Type: NTFS Drive E: | 7,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 149,05 Gb Total Space | 4,45 Gb Free Space | 2,99% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Andreas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1811348944-2523499471-3830172707-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 
"EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{041A7593-EAF5-4CAF-A87D-FDA74E5E392E}" = rport=139 | protocol=6 | dir=out | app=system | "{536A8865-A702-404B-8206-E2058F9CC416}" = lport=139 | protocol=6 | dir=in | app=system | "{76D70CFE-642B-4BDA-A9F4-457A13E72A39}" = rport=445 | protocol=6 | dir=out | app=system | "{7FE39736-5AB9-466B-AAA9-A00262132E2B}" = lport=138 | protocol=17 | dir=in | app=system | "{842AA9AA-EF93-4604-99FA-AE16D35DC4DB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9FA89895-9324-4946-8364-D553988935AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AF237480-1CB7-4F2C-AFA0-FEE7E2104BEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B02FB496-07BA-49A8-985B-5FFAF214B85B}" = rport=137 | protocol=17 | dir=out | app=system | "{BA185E95-FC85-44BC-BFD4-AEAA6735CC3F}" = rport=138 | protocol=17 | dir=out | app=system | "{C1D1F56F-F254-4DA8-B415-E01733961058}" = lport=445 | protocol=6 | dir=in | app=system | "{C31B4352-0B2A-4014-9122-8F3B780367C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C3B179FD-5FED-4D5F-9582-8BD34852E468}" = lport=137 | protocol=17 | dir=in | app=system | "{C4C915F3-7430-4510-A453-34AA7F0E142C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C775F753-7287-4582-AD3E-621A10AB7632}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C92A04D5-A343-46D2-AB83-B1098D3859CE}" = rport=1900 | protocol=17 | 
dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CAE4EDF7-0C30-4A4B-A8BB-D14A4FE9F665}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D3630C35-C462-4A30-B28B-81ECA4D13C4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D4BD5030-4E09-4A9A-9F72-CC2B486E2CE3}" = lport=2869 | protocol=6 | dir=in | app=system | "{D656EB6D-82F9-48BD-A86A-4C95840810BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAA26DEF-E6C5-44F0-AF51-97F4F363F0BE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{EB0A9B27-4CA5-419B-BF25-4B03E9D1DBF2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{F9479269-5E66-43B0-8751-97BBB51B1421}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FF6941D1-ECB6-454A-A0D1-AB55F80D3C7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AA7C89D-D75B-4486-9332-436C9D3DBBEE}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{0DF0C035-4123-4D36-BF81-6CD7C92FF931}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0E99624A-5BF1-444F-900B-77374E3C9337}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{14D295D7-20E0-4941-9FB2-00570417FB2F}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{1D2CD340-18D9-4999-BEC3-96A5DADF65B1}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{373ABA91-D677-4BF0-8A83-BF604E490BDB}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{4714AC4A-8A49-496C-9D70-8B9EC9DCD3E1}" = 
protocol=17 | dir=in | app=d:\programme\steam\steam.exe | "{4DCB6770-5E67-4A6A-87E0-A5655760D1EA}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{53A51848-3F3D-4662-B1B6-BF470EA955D3}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\zombie driver\release\zombiedriver.exe | "{5AC14B0F-13CC-4BE5-8B0E-AD4E9F240013}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{627FA755-9BA2-44BD-B050-5AA4C752327C}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\thief deadly shadows\system\runme.exe | "{6D806B6A-9D0C-4280-BBC2-F2C35E05A506}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6EADD9A3-950D-4C63-B549-F90F566462CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6FA8CB4C-85F7-47C8-8DB2-1DB4B9ADD5DB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{7032B666-19F4-46C3-A371-ACE67C373EE2}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | "{7540C601-0EF0-4BED-9650-1278377DE69D}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | "{7D78FF25-1A26-4B9E-867C-321A00EED109}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\just cause 2\justcause2.exe | "{856B75C1-A350-4FEC-99BE-C1E31B729203}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{87DFEBA1-DF41-4B92-B7F7-23453FF5CD33}" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | "{949374FF-7E19-48B2-9873-6AD7C066D40F}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\apox\gameclient\apox.exe | "{A03BB4DC-B77D-4F3A-95F6-554861C0275D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AE4506AA-02D9-4D73-B72D-4C8347FCF50D}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{B6045E68-4A80-488E-AF30-B96776FA4BE8}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\zombie driver\release\zombiedriver.exe | "{C0518F92-51AA-4DA8-A02C-633D1FDDD06C}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"{C08EA019-9696-4D7F-9999-A2E0CD36CFCE}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\just cause 2\justcause2.exe | "{C569E2BA-8774-4AA7-9982-3BD194B18F07}" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | "{C5D29DFB-2E3D-4C55-818B-DE65C9922BB6}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\thief deadly shadows\system\runme.exe | "{D2F89806-E2CC-40E2-AAF7-E364F8C807CF}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\apox\gameclient\apox.exe | "{E1D5C10F-B9A0-4AF8-A055-7F8A2C5FD32B}" = protocol=17 | dir=in | app=d:\spiele\need for speed\launcher.exe | "{E28A925F-F677-4A0C-8885-71DBEDF88328}" = protocol=6 | dir=in | app=d:\spiele\need for speed\launcher.exe | "{ECC7E9F8-BB60-4DB9-9173-49992F7252FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F0204480-E1C9-415C-AAE7-243F4DC8B7CE}" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | "{F085B2DE-BBD6-4481-A962-9D9E580C6FCB}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{F0E6E1F3-24C8-4925-97E6-E3DF6C79C04E}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{F8584DFE-6C32-420D-B87F-0853C49D0C02}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | "TCP Query User{435FE817-BE8D-4670-B11D-224F33A29D8E}D:\programme\dx sdk\utilities\bin\x86\audconsole3.exe" = protocol=6 | dir=in | app=d:\programme\dx sdk\utilities\bin\x86\audconsole3.exe | "TCP Query User{6934CB41-4D27-48F8-9165-C5E940A81EA9}D:\programme\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\red faction guerrilla\rfg.exe | "TCP Query User{ABA5591B-0B2C-451A-9560-6AA56B037C38}D:\spiele\need for speed\nfs11.exe" = protocol=6 | dir=in | app=d:\spiele\need for speed\nfs11.exe | "TCP Query User{C1A74278-62B0-405A-ADEE-EDA18DF8C85C}D:\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=d:\temp\electronicarts_patcher_000.exe | "UDP Query 
User{1C94C356-E16D-4B18-924B-40E3E02A827D}D:\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=d:\temp\electronicarts_patcher_000.exe | "UDP Query User{95435FED-0552-4AF6-9CD7-37C6295645F3}D:\programme\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\red faction guerrilla\rfg.exe | "UDP Query User{B2DFE28C-540D-4AB8-9331-74DE2C779588}D:\spiele\need for speed\nfs11.exe" = protocol=17 | dir=in | app=d:\spiele\need for speed\nfs11.exe | "UDP Query User{EE9BED26-969E-449F-A5F9-E5DB716D974A}D:\programme\dx sdk\utilities\bin\x86\audconsole3.exe" = protocol=17 | dir=in | app=d:\programme\dx sdk\utilities\bin\x86\audconsole3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp 
Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4974 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache "{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "3gp Player" = 3gp Player "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus 
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "DivX Setup.divx.com" = DivX-Setup "FileZilla Client" = FileZilla Client 3.2.7.1 "FLV Player" = FLV Player 2.0 (build 25) "foobar2000" = foobar2000 v1.0.3 "Fraps" = Fraps "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.15 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard "M.A.X. 1 and 2_is1" = M.A.X. 1 and 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009) "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OpenAL" = OpenAL "Orion2DeinstKey" = Master of Orion II "ratDVD" = ratDVD 0.78.1444 "Steam App 31410" = Zombie Driver "Steam App 50130" = Mafia II "Steam App 6980" = Thief: Deadly Shadows "Steam App 80000" = APOX "Steam App 8190" = Just Cause 2 "SystemRequirementsLab" = System Requirements Lab "TuneUp Utilities 
2011" = TuneUp Utilities 2011 "Two Worlds_is1" = Two Worlds "Uninstall_is1" = Uninstall 1.0.0.1 "Warzone 2100" = Warzone 2100 "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "yEd Graph Editor 3.5.0.2" = yEd Graph Editor 3.5.0.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.02.2011 03:23:37 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.02.2011 03:30:40 | Computer Name = Computer | Source = LoadPerf | ID = 3012 Description = Error - 08.02.2011 03:30:40 | Computer Name = Computer | Source = LoadPerf | ID = 3012 Description = Error - 08.02.2011 03:30:40 | Computer Name = Computer | Source = LoadPerf | ID = 3011 Description = Error - 08.02.2011 04:11:19 | Computer Name = Computer | Source = WinMgmt | ID = 10 Description = Error - 08.02.2011 04:11:23 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.02.2011 04:11:23 | Computer Name = Computer | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 08.02.2011 04:18:37 | Computer Name = Computer | Source = LoadPerf | ID = 3012 Description = Error - 08.02.2011 04:18:37 | Computer Name = Computer | Source = LoadPerf | ID = 3012 Description = Error - 08.02.2011 04:18:37 | Computer Name = Computer | Source = LoadPerf | ID = 3011 Description = [ System Events ] Error - 07.02.2011 18:23:09 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Error - 07.02.2011 18:23:09 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Error - 07.02.2011 18:23:09 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Error - 07.02.2011 18:23:09 | Computer Name = Computer | Source = Service Control Manager | ID = 
7026 Description =
Error - 07.02.2011 18:23:09 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description =
Error - 07.02.2011 18:23:09 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description =
Error - 07.02.2011 18:23:09 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description =
Error - 07.02.2011 18:23:12 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description =
Error - 08.02.2011 03:24:10 | Computer Name = Computer | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description =
Error - 08.02.2011 04:12:21 | Computer Name = Computer | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description =
< End of report >

I would be grateful for any help you can give me, since at the moment I don't have the opportunity to reinstall the system properly and will be relying on this computer for the next few weeks. Many thanks in advance!
09.02.2011, 12:00 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect to Gomeo and others, computer sluggish, internet connection sluggish -> panic

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!