Pests of all kinds and their removal: can't get the Trojan Trojan.TempPW.Gen off my laptop =( (Windows 7)

15.02.2011, 16:04 | #1
For a few days now my laptop has been running slowly. When I open Task Manager there are always 2 or more iexplore.exe, although I don't use Internet Explorer at all. I then had ZoneAlarm block Internet Explorer and had Antivir run a system scan. In the first pass Antivir found nothing, and I ran another scan in Safe Mode and again nothing was found. After a long Google search I then had HijackThis and Malwarebytes scan. Both find the Trojan but can't delete it. I can't delete it manually either. I'm not that good with computers and I don't know what I should post and what you really need. I don't want to do anything wrong, so please tell me everything you need. I would be very happy if together we could fight this Trojan and finally delete it. Thanks for reading.

Sad greetings, many thanks
15.02.2011, 16:10 | #2
Malware-holic

Post the Malwarebytes logs, found under "Logdateien" (Logs).

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator).
1. At the top you will find a box labelled Output. Select Minimal Output.
2. Tick "Scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Paste into the text box:
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
15.02.2011, 16:58 | #3

WOW... Thanks for the quick reply!

Here are the Malwarebytes logs:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5766

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

15.02.2011 15:22:47
mbam-log-2011-02-15 (15-22-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175204
Laufzeit: 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Jenny\AppData\Local\Temp\comminfo.dll (Trojan.TemPW.Gen) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comminfo.dll (Trojan.TemPW.Gen) -> Value: comminfo.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comminfo.dll_xserve (Trojan.TemPW.Gen) -> Value: comminfo.dll_xserve -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Jenny\AppData\Local\Temp\comminfo.dll (Trojan.TemPW.Gen) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5766

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

15.02.2011 15:36:59
mbam-log-2011-02-15 (15-36-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175358
Laufzeit: 4 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Jenny\AppData\Local\Temp\comminfo.dll (Trojan.TemPW.Gen) -> Not selected for removal.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comminfo.dll (Trojan.TemPW.Gen) -> Value: comminfo.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comminfo.dll_xserve (Trojan.TemPW.Gen) -> Value: comminfo.dll_xserve -> Not selected for removal.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Jenny\AppData\Local\Temp\comminfo.dll (Trojan.TemPW.Gen) -> Not selected for removal.

OTL.txt:
Code:
OTL logfile created on: 15.02.2011 16:36:27 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Jenny\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 34,96 Gb Free Space | 24,27% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 88,88 Gb Free Space | 61,71% Space Free | Partition Type: NTFS
Drive E: | 4,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jenny\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jenny\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

========== Modules (SafeList) ==========

MOD - C:\Users\Jenny\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\crtdll.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.02.15 04:52:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components 
[2011.01.11 14:38:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.11 14:38:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.01.11 14:38:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.03.04 15:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions [2010.03.04 15:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.02.15 04:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\znl714wi.default\extensions [2010.02.27 08:50:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\znl714wi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.20 19:39:57 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\znl714wi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.10.15 09:58:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\znl714wi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.05 01:32:50 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\znl714wi.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2010.01.20 12:14:16 | 000,000,917 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\znl714wi.default\searchplugins\conduit.xml [2010.07.17 02:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla 
firefox\extensions [2010.07.17 02:16:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.12 23:33:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.02.15 04:52:10 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER [2010.06.12 23:33:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - File not found O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No 
CLSID value found. O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuz0.dll (Conduit Ltd.) 
O3:64bit: - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe () O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] 
C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [comminfo.dll] C:\Users\Jenny\AppData\Local\Temp\comminfo.dll () O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [comminfo.dll_xserve] C:\Users\Jenny\AppData\Local\Temp\comminfo.dll () O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [EA Core] File not found O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [imapispl.dll] C:\Windows\SysWOW64\imapispl.dll () O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - 
C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\wpclsp.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysNative\wpclsp.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - 
Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL (Google) O20 - AppInit_DLLs: (comminfo.dll) - C:\Windows\SysWow64\comminfo.dll () O20 - AppInit_DLLs: (imapispl.dll) - C:\Windows\SysWow64\imapispl.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.04.20 21:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2010.03.27 05:03:00 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{d3d503e9-0f4c-11df-bd79-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d3d503e9-0f4c-11df-bd79-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.04.20 21:37:17 | 000,054,544 | R--- | M] 
(Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {9AB7AB87-B968-4CDD-CE63-C3EED51973AA} -
ActiveX:64bit: {AB8AC77C-A00B-8AF6-0AAC-C21E018B4308} - Browser Customizations
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.02.15 06:56:29 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2011.02.15 06:56:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.02.15 06:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.15 06:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.15 06:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.02.15 05:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2011.02.15 05:35:15 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.02.15 04:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\ForceField Shared Files
[2011.02.15 04:52:13 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\CheckPoint
[2011.02.15 04:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit
[2011.02.15 04:49:32 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2011.02.15 04:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011.02.15 04:49:25 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2011.02.15 04:49:22 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011.02.15 04:48:20 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011.02.15 04:48:20 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011.02.15 04:48:13 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011.02.15 04:48:10 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011.02.15 04:48:10 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011.02.15 04:48:10 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011.02.15 04:48:10 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011.02.15 04:48:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011.02.15 04:48:09 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011.02.15 04:47:26 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011.02.15 04:47:26 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011.02.15 04:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011.02.15 04:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011.02.15 04:44:47 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.02.15 02:15:54 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Avira
[2011.02.15 02:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.02.15 02:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.02.14 23:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.02.14 02:58:08 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Downloads\Desktop\Schicke Bank 3363
[2011.02.14 02:57:34 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Downloads\Desktop\sims 3
[2011.02.13 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2011.02.13 19:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011
[2011.02.12 16:08:09 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\GIANTS Editor 4.1.7
[2011.02.12 15:27:12 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Downloads\Desktop\Dreiseitenhof
[2011.02.12 14:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
[2011.02.12 14:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIANTS Software
[2011.02.12 01:50:04 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Downloads\Desktop\Neuer Ordner (5)
[2011.02.12 01:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.02.12 01:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011.02.11 09:06:29 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Downloads\Desktop\Neuer Ordner (4)
[2011.02.10 23:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011.02.10 22:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2011.02.10 22:35:17 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\eMule
[2011.02.10 22:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2011.02.10 22:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2011.02.10 22:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enlight
[2011.02.10 22:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enlight
[2011.02.10 21:47:32 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011.02.10 21:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 Demo
[2011.02.10 21:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 Demo
[2011.02.08 14:28:10 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\click
[2011.01.18 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\xcharlive.1655C4F6526B808855D0A24D09D32A2277FBA03C.1
[2011.01.18 19:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xchar Live
[2011.01.18 19:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.15 16:24:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1048853084-1438700988-2564156336-1000UA.job
[2011.02.15 16:09:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.15 16:09:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.15 15:32:12 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.15 15:32:12 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.15 15:32:12 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.15 15:32:12 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.15 15:32:12 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.15 15:24:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.15 11:24:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1048853084-1438700988-2564156336-1000Core.job
[2011.02.15 06:56:23 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.15 06:30:55 | 000,002,559 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\HiJackThis.lnk
[2011.02.15 04:52:37 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011.02.15 04:49:26 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2011.02.15 02:11:43 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.02.15 02:00:34 | 049,849,560 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\avira_antivir_personal611_de.exe
[2011.02.14 23:42:08 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Erstelle eine Welt-Tool - Beta.lnk
[2011.02.13 19:23:38 | 000,001,132 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\Landwirtschafts Simulator 2011 .lnk
[2011.02.13 17:49:41 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.02.13 06:10:53 | 132,608,685 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\TheLostFarm.zip
[2011.02.13 02:13:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011.02.12 01:49:07 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011.02.12 01:49:07 | 000,001,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011.02.10 23:34:25 | 000,001,024 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\zt - Verknüpfung.lnk
[2011.02.10 23:00:06 | 000,489,472 | -HS- | M] () -- C:\Windows\SysWow64\comminfo.dll
[2011.02.10 22:57:44 | 000,072,192 | -HS- | M] () -- C:\Windows\SysWow64\imapispl.dll
[2011.02.10 22:36:40 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2011.02.10 22:10:18 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Restaurant Empire.lnk
[2011.02.10 21:46:58 | 000,001,177 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\Landwirtschafts Simulator 2011 Demo.lnk
[2011.02.09 00:25:04 | 000,137,916 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\RD_EST_Verbandsinfo über kurzz. Vorhaltererh_2010719 V II.pdf
[2011.02.08 19:01:23 | 000,103,424 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 19:37:08 | 000,415,431 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\zzzzzzzzzz_TerrainOverlayUpdate (1).z2f
[2011.01.29 13:33:56 | 002,873,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.29 06:51:33 | 000,001,355 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\Dokument.rtf
[2011.01.29 06:49:14 | 000,041,538 | ---- | M] () -- C:\Users\Jenny\.recently-used.xbel
[2011.01.23 16:50:02 | 000,003,020 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\gooooooooooooil.rtf
[2011.01.18 19:14:54 | 000,000,806 | ---- | M] () -- C:\Users\Jenny\Downloads\Desktop\Xchar Live.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.15 06:56:23 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.15 06:56:19 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.02.15 05:35:15 | 000,002,559 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\HiJackThis.lnk
[2011.02.15 04:49:26 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2011.02.15 04:48:09 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011.02.15 04:45:09 | 000,453,720 | ---- | C] () -- C:\Windows\SysNative\drivers\vsdatant.sys
[2011.02.15 02:11:43 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.02.15 02:11:34 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.02.15 02:11:34 | 000,083,120 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.02.15 01:38:46 | 049,849,560 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\avira_antivir_personal611_de.exe
[2011.02.14 23:42:08 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Erstelle eine Welt-Tool - Beta.lnk
[2011.02.13 19:23:38 | 000,001,132 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\Landwirtschafts Simulator 2011 .lnk
[2011.02.13 04:55:27 | 132,608,685 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\TheLostFarm.zip
[2011.02.12 01:49:07 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011.02.12 01:49:07 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011.02.10 23:34:25 | 000,001,024 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\zt - Verknüpfung.lnk
[2011.02.10 23:00:06 | 000,489,472 | -HS- | C] () -- C:\Windows\SysWow64\comminfo.dll
[2011.02.10 22:57:44 | 000,072,192 | -HS- | C] () -- C:\Windows\SysWow64\imapispl.dll
[2011.02.10 22:36:40 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2011.02.10 22:10:18 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Restaurant Empire.lnk
[2011.02.10 21:46:58 | 000,001,177 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\Landwirtschafts Simulator 2011 Demo.lnk
[2011.02.09 00:25:04 | 000,137,916 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\RD_EST_Verbandsinfo über kurzz. Vorhaltererh_2010719 V II.pdf
[2011.01.29 19:36:59 | 000,415,431 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\zzzzzzzzzz_TerrainOverlayUpdate (1).z2f
[2011.01.29 06:51:33 | 000,001,355 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\Dokument.rtf
[2011.01.29 06:49:14 | 000,041,538 | ---- | C] () -- C:\Users\Jenny\.recently-used.xbel
[2011.01.23 03:47:20 | 000,003,020 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\gooooooooooooil.rtf
[2011.01.18 19:14:54 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xchar Live.lnk
[2011.01.18 19:14:54 | 000,000,806 | ---- | C] () -- C:\Users\Jenny\Downloads\Desktop\Xchar Live.lnk
[2011.01.03 00:59:00 | 000,024,226 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\UserTile.png
[2010.10.14 22:23:34 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.06.04 12:16:30 | 000,000,355 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.05.28 01:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.26 23:11:14 | 000,402,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistMSI4F46.txt
[2010.05.26 23:11:14 | 000,011,402 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistUI4F46.txt
[2010.05.20 09:23:15 | 000,424,158 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistMSI00C3.txt
[2010.05.20 09:23:15 | 000,011,694 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistUI00C3.txt
[2010.02.07 16:15:03 | 000,810,740 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_NET_Framework35_LangPack_MSI1A60.txt
[2010.02.07 15:58:15 | 000,097,274 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_dotnetfx35install_lp.txt
[2010.02.07 15:58:15 | 000,000,002 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_dotnetfx35error_lp.txt
[2010.02.07 15:56:04 | 002,484,952 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_NET_Framework35_x64_MSI0BD9.txt
[2010.02.03 14:19:03 | 000,103,424 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.01 17:24:59 | 000,631,219 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010.02.01 17:24:55 | 000,670,402 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_dotnetfx35install.txt
[2010.02.01 17:24:55 | 000,012,100 | ---- | C] () -- C:\Users\Jenny\AppData\Local\uxeventlog.txt
[2010.02.01 17:24:55 | 000,001,966 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_dotnetfx35error.txt
[2010.02.01 17:03:38 | 000,420,964 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistMSI6AC0.txt
[2010.02.01 17:03:37 | 000,012,222 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistUI6AC0.txt
[2010.02.01 16:30:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.01 15:46:54 | 000,417,922 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistMSI3005.txt
[2010.02.01 15:46:53 | 000,011,462 | ---- | C] () -- C:\Users\Jenny\AppData\Local\dd_vcredistUI3005.txt
[2010.01.31 23:16:12 | 000,001,356 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2010.01.31 23:16:10 | 000,000,552 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d8caps.dat
[2010.01.31 22:35:11 | 001,106,332 | ---- | C] () -- C:\Programme\xp3264-7.7.0.329-whql.zip
[2010.01.31 21:52:12 | 000,001,460 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps64.dat
[2008.12.11 11:27:24 | 000,119,093 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
[2008.12.11 10:53:20 | 001,023,748 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011.02.13 17:52:59 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Azureus
[2010.09.08 03:04:14 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\cbuenger
[2011.02.15 04:52:13 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\CheckPoint
[2011.02.08 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\click
[2010.10.15 09:58:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.18 13:52:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Facebook
[2011.01.29 06:49:14 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\gtk-2.0
[2010.09.15 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ICQ
[2010.09.27 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Notepad++
[2010.05.26 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2010.07.20 22:13:45 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Opera
[2011.01.03 00:59:00 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PeerNetworking
[2010.04.11 03:59:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SchnellSchreiben
[2010.02.08 23:37:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Shareaza
[2010.03.04 15:06:23 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Thunderbird
[2010.02.01 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TS3Client
[2010.02.27 09:32:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2010.03.01 09:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2010.02.27 09:29:03 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wildlife Park 2 - Marine World
[2011.01.18 19:16:30 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\xcharlive.1655C4F6526B808855D0A24D09D32A2277FBA03C.1
[2011.02.13 02:13:00 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011.02.15 15:23:07 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.05.25 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Adobe
[2010.04.17 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Apple Computer
[2011.02.15 02:15:54 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Avira
[2011.02.13 17:52:59 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Azureus
[2010.09.08 03:04:14 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\cbuenger
[2011.02.15 04:52:13 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\CheckPoint
[2011.02.08 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\click
[2010.10.13 16:16:14 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\dvdcss
[2010.10.15 09:58:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.18 13:52:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Facebook
[2011.01.29 06:49:14 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\gtk-2.0
[2010.09.15 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ICQ
[2010.01.31 21:52:25 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Identities
[2010.01.31 23:59:44 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Macromedia
[2011.02.15 06:56:29 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Media Center Programs
[2010.09.04 00:51:04 | 000,000,000 | --SD | M] -- C:\Users\Jenny\AppData\Roaming\Microsoft
[2010.03.02 13:16:23 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Microsoft Games
[2010.01.31 23:01:54 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Mozilla
[2010.09.27 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Notepad++
[2010.05.26 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\OpenOffice.org
[2010.07.20 22:13:45 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Opera
[2011.01.03 00:59:00 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PeerNetworking
[2010.04.11 03:59:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SchnellSchreiben
[2010.02.08 23:37:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Shareaza
[2011.01.29 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Skype
[2011.01.29 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\skypePM
[2010.03.04 15:06:23 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Thunderbird
[2010.02.01 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\TS3Client
[2011.02.13 05:35:15 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\vlc
[2010.02.27 09:32:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2010.03.01 09:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2010.02.27 09:29:03 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Wildlife Park 2 - Marine World
[2011.01.18 19:16:30 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\xcharlive.1655C4F6526B808855D0A24D09D32A2277FBA03C.1
[2010.06.02 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Xfire

< %APPDATA%\*.exe /s >
[2011.02.10 23:24:01 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Jenny\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.05.18 13:52:09 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Jenny\AppData\Roaming\Facebook\uninstall.exe
[2011.01.18 19:14:03 | 000,038,784 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.02.15 05:35:17 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Jenny\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
[2010.06.16 14:05:52 | 000,010,134 | R--- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll [2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 03:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.08.19 
03:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sataraid\nvstor32.sys [2008.08.19 03:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP79\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2008.01.21 03:48:29 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 
C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2008.01.21 03:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:49:42 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2011.02.10 22:57:44 | 000,072,192 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\imapispl.dll

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Jenny\Downloads:Shareaza.GUID

< End of report >

OTL Extras logfile created on: 15.02.2011 16:36:27 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jenny\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 34,96 Gb Free Space | 24,27% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 88,88 Gb Free Space | 61,71% Space Free | Partition Type: NTFS
Drive E: | 4,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JENNY-PC | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Jenny\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D9E3EF1-B710-47B1-85F4-9342B016EE22}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2FFC954A-E747-498E-8D9B-C65EAD7A2669}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4486D6C4-08C0-47F4-9C48-2D3699F3CE24}" = rport=139 | protocol=6 | dir=out | app=system | "{5C9921A4-0AAA-41B1-84CC-ECAF7196FB0B}" = rport=445 | protocol=6 | dir=out | app=system | "{5F179EF4-09A8-4031-8564-58D3A08A736D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{63360094-50B5-4900-A261-53C35A1DC708}" = lport=139 | protocol=6 | dir=in | app=system | "{705C13A6-BA84-4423-8B3B-E998D55E89C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{73B5A5B8-14F2-4CE2-B88D-9DDD7744F5BF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7B3C5F7E-CD82-41DE-8794-EA6D3B3A5F5B}" = lport=445 | protocol=6 | dir=in | app=system | "{7E7C131B-7C84-4A91-AB09-2AEA207EB60F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{85F7A402-913B-49AD-AD8C-829E860F8F36}" = rport=137 | protocol=17 | dir=out | app=system | "{8B28533C-33DD-4044-9205-C0DD2D3B454A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{90E5B748-B9B8-43BA-97AA-FA0150A0976F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A14A8E3-A510-4515-A553-ACC4A7C9FA73}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9AC5AAB7-EB94-4239-8D75-1B932BE81C03}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AC35521A-1632-40BA-88D7-E6AB7754711A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B38E3E1A-2F96-4E30-9A34-335505AE1853}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{B9DCE538-2DDD-41D2-B82D-7460D33255B2}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE0760EB-8275-487F-A62F-502A86F0E98E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D14E591A-0751-45E3-AE1F-1E65E0C66F32}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D5D75441-B4DB-47F5-8473-ACFB065E8361}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{DABB67D5-4AC0-43EC-A31E-D9B5753B04A5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DC3F9E8C-32E9-48F8-942C-134ABEC3006E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{E1D57087-A964-497E-89EF-973F7B7308A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED63B38D-C228-4BE8-B272-095A7BB79CE3}" = lport=138 | protocol=17 | dir=in | app=system | "{EF665286-93AA-4062-8A70-CD4B35575178}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{EFE33D56-28C6-4006-AE3B-9E32010323AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F1BEF5C7-CF0E-425B-88E4-8CE111874324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F6E0FB1B-A934-4FB3-A2FF-BD83B7C2AD1F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F9469308-6BCE-4C47-9873-A99C7C52CA8D}" = lport=137 | protocol=17 | dir=in | app=system | "{FD53D5C0-F461-4D37-BB74-550D1E373CC6}" = rport=138 | protocol=17 | dir=out | app=system | "{FE04EA09-37A6-4982-B758-784228C0E458}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02A81043-7796-41E3-BC3C-49B1C3B236EC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0B8CA0A9-AF2F-4C29-AC17-EA29AC326E96}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{11D12195-8A89-4D7B-BE1E-DD0B343942E7}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{17951A3D-891C-4AE5-965D-CF0C2E4CCE1C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{1C99CC90-B23D-4D01-832D-1418B5C9ED0A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{1E272962-E9DE-4EB6-98D6-DEB38565C44C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{23CA455D-8FF2-4871-88E8-9D7F162CF43E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{25523BD5-2BD7-4BE6-951E-90039650A4DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2EF7DEF0-95F8-475B-B27D-F0FA9C405261}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32852F5D-DE31-468C-BE48-0A678B9BB093}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{33B3A4CF-1E8A-4945-B063-D5C7FC48AEA1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{3A628128-3359-4490-AFDC-DF07C7E39EFF}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{3A7D84CF-D147-4709-BA00-91B080A154BD}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\game.exe | "{3ADEAD8F-FBE4-4BC1-8DDF-3127A616602E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3D3FF7D2-39AF-4EC4-884A-1F708BC43584}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4173FE29-A87E-4003-A4D6-10555B4BD65E}" = protocol=17 | dir=in | app=c:\program files 
(x86)\landwirtschafts simulator 2011\game.exe | "{4454D8F6-9CD3-4C39-A56A-AD07E121A845}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | "{4DA1B8B2-0F14-451E-9582-861E0D437374}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "{4F58AF55-590B-4943-B060-EE284AF4FBA3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{4FCE6D0D-0E9D-4F5C-9F89-6728B8B6F2AF}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "{549C980C-4DCE-4C0B-A477-5A41995C8FF0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{58DA634E-D431-4CFC-9B6F-5541813CFB52}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe | "{678A4FC3-0E3E-4906-AF76-14DD8246C03A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6A7DFC96-A164-4368-9635-D8E559445048}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{7047F758-D08C-4788-8E38-030D14C4CAD6}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{71745BB1-D72E-41EC-9326-BEBF0DAE8B19}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{7543FBC7-4866-48F0-B1DD-2E77F4A2D5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{7ADD9701-67E2-43CA-BBC3-74D0C5F201D3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{83400D6D-F526-47E1-92F7-D362BE9B10EC}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\game.exe | "{8671DA6B-B3E8-4B23-B968-1C7ED2FD0FAF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{8AE1480F-5D28-4F87-AE56-2881001D9742}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{8CCC2A1C-C48A-4595-A5D9-C82A1B9A26FD}" = protocol=17 | dir=in | app=c:\program files 
(x86)\icq7.0\aolload.exe | "{936C00B4-D245-4D6C-85B8-6BFD6F28D1F1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9A0A95FC-3C9E-40C7-B8E8-C0944122ECC2}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{9A22B75F-326D-4B83-B1D9-3B860A254033}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A0B38BAE-3F47-4DA7-8C15-B9AB65B15F40}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "{A2C1572A-544D-448C-A044-C0AD4EAE1E32}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{A3BB45CB-3D51-43EA-8C49-F8871D7356E8}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{A4AAEB30-AB6C-4725-9B12-32EE0BADE032}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{A5F67407-81F0-41D4-967E-09C49A6CD353}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B9EE1C75-3082-4C70-8AC9-EBFF3A5DE8E6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{BBB13935-F617-42BD-A655-0B5D505F0DE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{C4C05AF2-D2A2-4FFD-926F-B6852A17D540}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C9962595-2BD4-4E0A-909A-1BFB600E2E36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CBEFEBC9-A953-4C86-A0FF-8449C080ECB8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{D1A71CC6-734A-4CB0-8A7B-C59EA8CDC48E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E78FDB5D-7AC0-48D0-A5A2-39403048FD59}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{E7FE9AE1-6EE2-4AAD-BC75-DE24FAC05FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{E894F62D-788F-4137-B4F3-811645031522}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E895698F-FE96-4AC7-9473-75456B1DCEF3}" = 
protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E916F540-479A-4952-A241-8F4C03CC6C1B}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | "{E9FCC38D-84BE-42AC-97EE-A48390720616}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EC89B534-483D-47CF-AE50-0297DA12EA57}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{F72EFB69-68D9-4289-89F4-4BF5C6A635D6}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe | "{FABE791F-89FE-4AA4-A91E-121E04348BFE}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | "TCP Query User{05D8C4A8-0356-46FE-B19F-E97561EE2624}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{0613C043-C688-4632-BFEA-ADF8086102E5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{0B529590-B06A-421B-B4E4-AAA84F104567}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{14677945-8DD0-4E6A-B79C-FCFE02B01A95}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe | "TCP Query User{160380B5-24FE-4AB3-A62A-F6ACD420BA60}D:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "TCP Query User{1EA4E6DA-8FD0-4D43-B572-DF4E1EF78872}C:\program files (x86)\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | "TCP Query 
User{3BE7CA22-74E8-44D5-B992-523521625A97}C:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"TCP Query User{3D9DA8D3-04D1-4C4B-BB03-1C6ECAADBDA8}D:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\blizzard downloader.exe |
"TCP Query User{4047EC8C-7D77-45D1-AAD0-687666A2F3A2}C:\program files (x86)\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
"TCP Query User{4F7F6996-D0BC-4338-BDA1-4E16486C3062}D:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
"TCP Query User{5DFC0B54-A9C6-48AA-BA9C-4FFAB3BB2135}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"TCP Query User{5EDFE4D0-352C-4119-895D-3240B09E6F7A}C:\program files (x86)\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"TCP Query User{6068D593-8AD0-4534-9F97-70F95AFFEA5E}D:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"TCP Query User{704B6669-7BDB-4902-B8D4-70D61049A3BA}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{717853CE-98FA-41AC-8923-CA5417635342}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{753B41D5-DA73-4A78-BB9F-4E68AEA21717}C:\users\jenny\appdata\local\temp\odbccap.exe" = protocol=6 | dir=in | app=c:\users\jenny\appdata\local\temp\odbccap.exe |
"TCP Query User{7D16FEFB-5D87-4514-A845-E9AEE8707D23}D:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"TCP Query User{7F05218B-5E2E-4E91-8CCA-EA67697AA5CC}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{8035F405-D47C-4F53-91BF-0EE5E3A88EA4}D:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"TCP Query User{A3E3A5C7-FCB1-49AE-A28F-9DD2C4715932}D:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"TCP Query User{ADA95796-D8E6-4F32-8F4F-A8AF959E38C6}D:\spiele\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\spiele\runes of magic\client.exe |
"TCP Query User{BC2BB0A2-1F65-4029-AEA4-D11BD1AD70B2}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"TCP Query User{D1B9FA6A-A5AD-4EB5-A2C3-EF7550CD65B5}C:\program files (x86)\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"TCP Query User{D32610B2-D78F-4A83-AFAD-6220C8B1A35E}D:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"TCP Query User{F84BD2D8-8687-46BB-8E74-7E1CEBA45A25}D:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"TCP Query User{F9A77CCC-D174-41C9-AC3E-710C8753F631}D:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=d:\world of warcraft\repair.exe |
"UDP Query User{055CCBD7-461F-46FE-90C1-25A996A8FF29}C:\users\jenny\appdata\local\temp\odbccap.exe" = protocol=17 | dir=in | app=c:\users\jenny\appdata\local\temp\odbccap.exe |
"UDP Query User{135C7D26-E4BB-423F-893A-209C551D2D58}D:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"UDP Query User{19986B6F-B813-4B51-8F93-5F3F2C737DD1}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{1CC3F523-7700-49AA-8055-0165C16DB9AC}D:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
"UDP Query User{2309EB5D-C3F3-4946-870C-DE27643C9CE3}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{2C061541-CD63-40A8-97F0-83330C80E3F9}D:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"UDP Query User{2D406E63-E1D3-4EF0-96E3-EE99EAE5BE58}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"UDP Query User{3A593BA5-3883-4701-AE6F-9A5FDE28930E}D:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"UDP Query User{507024A6-C343-4998-ACC2-C8CCEA96FE50}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{530195A9-ED1A-4B65-AD08-09F44AA6EF97}C:\program files (x86)\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\safari.exe |
"UDP Query User{694D3DF7-27E8-422F-B539-381FD72C89CC}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{71C8583F-D2F4-404F-8EEF-3E98FD14BF8A}D:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=d:\world of warcraft\repair.exe |
"UDP Query User{7ED44C03-32CD-4FAD-B8EE-269B241096E9}D:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"UDP Query User{83000CD1-4412-49C2-951C-7E7E9DED82B3}C:\program files (x86)\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe |
"UDP Query User{91CD5F1F-36C5-46CA-A946-B186BF1BD3B6}D:\spiele\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\spiele\runes of magic\client.exe |
"UDP Query User{97204BA9-D7AD-43A3-9609-F8EE927625AA}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"UDP Query User{AEAE135D-E93F-437F-9CFA-D18867EEF934}C:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{B63F3A0D-F7F3-4FCE-96B3-420AAA5A2961}C:\program files (x86)\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe |
"UDP Query User{C9E6026A-30A3-4FAA-B878-6C46E0E2DE88}D:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"UDP Query User{CAA16197-EE67-4AA0-A937-E9A13FD8C87B}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"UDP Query User{CE957071-5CFB-42F7-B55F-1869C9ABE4DB}C:\program files (x86)\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe |
"UDP Query User{DE66B086-5777-49B7-B574-8835E6802154}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{E177E9A8-1306-4E32-8DF8-341B7C695350}D:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{F80A9744-3C4A-4E46-9DFC-D54D813800A4}D:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{F89C9EFC-05E2-476D-831A-C5051000B67E}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{F9C4488D-3DCC-469B-9274-BDFBCE6708F4}D:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\blizzard downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver 14.0 Rel. 5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{740B51D7-C903-4536-9530-B6304C937F51}" = Wildlife Park 2 Familien Edition
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EABB309-64F7-11D7-B796-0050BFE4DB80}" = Restaurant Empire
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D815AEE6-1FEE-C3FC-7645-77CF6FF8ECFD}" = Xchar Live
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFDC4005-E968-498D-93C8-CC148742167D}}_is1" = Wecker für Windows 6.5
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo
"FormatFactory" = FormatFactory 2.50
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"giants_editor_4.1.7_is1" = GIANTS Editor 4.1.7
"Google Desktop" = Google Desktop
"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"My Horse and Me 2" = Mein Pferd und ich 2
"NifSkope" = NifSkope (remove only)
"Notepad++" = Notepad++
"Schnell Schreiben_is1" = Schnell Schreiben 3.4.6
"Shareaza_is1" = Shareaza 2.5.3.0
"ST6UNST #1" = BEWERBUNGS-MASTER AZUBI
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Thanksgiving Pack" = Thanksgiving Pack
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"xcharlive.1655C4F6526B808855D0A24D09D32A2277FBA03C.1" = Xchar Live
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"ZoneAlarm" = ZoneAlarm
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"European Expeditions" = European Expeditions
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Radical Remake - Part 1" = Radical Remake - Part 1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.02.2011 23:21:42 | Computer Name = Jenny-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.02.2011 23:23:14 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18999, time stamp 0x4ccf92fb, faulting module comminfo.dll, version 0.0.0.0, time stamp 0x4d399e97, exception code 0xc0000005, fault offset 0x00037fd2, process id 0xd60, application start time 01cbccbf8acd8b5f.

Error - 14.02.2011 23:47:02 | Computer Name = Jenny-PC | Source = Application Hang | ID = 1002
Description = The program GLBE1F5.tmp version 9.2.58.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 104c Start Time: 01cbccc2ac69e2bf Termination Time: 15

Error - 14.02.2011 23:48:23 | Computer Name = Jenny-PC | Source = Software Licensing Service | ID = 8198
Description = License Activation (SLUINotify.dll) failed with the following error code: 0x80070057

Error - 14.02.2011 23:55:42 | Computer Name = Jenny-PC | Source = Avira AntiVir | ID = 4112
Description = An error occurred while requesting an operating system resource. The resource 'avgntflt' was not allocated. The reason may be insufficient main memory or another system error. Error code: 0xffffffff

Error - 14.02.2011 23:56:43 | Computer Name = Jenny-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2011 00:11:18 | Computer Name = Jenny-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2011 01:28:27 | Computer Name = Jenny-PC | Source = WinMgmt | ID = 10
Description =

Error - 15.02.2011 08:13:38 | Computer Name = Jenny-PC | Source = Software Licensing Service | ID = 8198
Description = License Activation (SLUINotify.dll) failed with the following error code: 0x80070057

Error - 15.02.2011 10:25:49 | Computer Name = Jenny-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 16.09.2010 15:42:47 | Computer Name = Jenny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:33:54 on 16.09.2010 was unexpected.

Error - 16.09.2010 15:42:51 | Computer Name = Jenny-PC | Source = HTTP | ID = 15016
Description =

Error - 17.09.2010 05:52:53 | Computer Name = Jenny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:49:53 on 17.09.2010 was unexpected.

Error - 17.09.2010 05:52:55 | Computer Name = Jenny-PC | Source = HTTP | ID = 15016
Description =

Error - 17.09.2010 13:15:43 | Computer Name = Jenny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:50:49 on 17.09.2010 was unexpected.

Error - 17.09.2010 13:15:48 | Computer Name = Jenny-PC | Source = HTTP | ID = 15016
Description =

Error - 17.09.2010 18:13:11 | Computer Name = Jenny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:54:37 on 17.09.2010 was unexpected.

Error - 17.09.2010 18:13:14 | Computer Name = Jenny-PC | Source = HTTP | ID = 15016
Description =

Error - 17.09.2010 18:28:27 | Computer Name = Jenny-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:20:09 on 18.09.2010 was unexpected.

Error - 17.09.2010 18:28:33 | Computer Name = Jenny-PC | Source = HTTP | ID = 15016
Description =

< End of report > |
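The one entry in the event-log excerpt above that actually says something about the infection is the Application Error 1000 record: iexplore.exe crashed with comminfo.dll as the faulting module and exception code 0xc0000005 (an access violation). A crash record that names a module with version 0.0.0.0 living in a browser process is the kind of pivot a helper wants to pull out of a log automatically rather than by eye. The following Python is an added example, not part of the original post or of OTL: it parses OTL-style "Error - ..." / "Description = ..." pairs, extracts the faulting application, faulting module and exception code from every ID 1000 entry, matching both the English wording and the German wording the log was originally written in, and compares the modules against a watch list. The sample text is constructed from the entries above plus one invented, benign notepad.exe crash in ntdll.dll as a negative case.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's "Last 10 Event Log Errors" shape: the real entries from the
# report above, plus an invented notepad.exe/ntdll.dll crash (English wording) as a negative case.
SAMPLE_EVENTS = r"""
Error - 14.02.2011 23:21:42 | Computer Name = Jenny-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.02.2011 23:23:14 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul comminfo.dll, Version 0.0.0.0, Zeitstempel 0x4d399e97, Ausnahmecode 0xc0000005, Fehleroffset 0x00037fd2, Prozess-ID 0xd60, Anwendungsstartzeit 01cbccbf8acd8b5f.
Error - 14.02.2011 23:48:23 | Computer Name = Jenny-PC | Source = Software Licensing Service | ID = 8198
Description = Die Lizenzaktivierung (SLUINotify.dll) ist mit folgendem Fehlercode fehlgeschlagen: 0x80070057
Error - 15.02.2011 09:00:00 | Computer Name = Jenny-PC | Source = Application Error | ID = 1000
Description = Faulting application notepad.exe, version 6.0.6001.18000, time stamp 0x4791a748, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791adec, exception code 0xc0000005, fault offset 0x0000000000046270, process id 0x1234, application start time 01cbccbf00000000.
Error - 16.09.2010 15:42:47 | Computer Name = Jenny-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.09.2010 um 21:33:54 unerwartet heruntergefahren.
"""

# One header line per event, followed by a "Description = ..." line (possibly empty).
HEADER = re.compile(
    r"^Error - (?P<when>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
# Event 1000 body: English wording and the German wording of a de-DE Windows, as in the log above.
FAULT = re.compile(
    r"(?:Faulting application|Fehlerhafte Anwendung) (?P<app>[^,]+), .*?"
    r"(?:faulting module|fehlerhaftes Modul) (?P<module>[^,]+), .*?"
    r"(?:exception code|Ausnahmecode) (?P<code>0x[0-9a-fA-F]+)")


@dataclass
class Event:
    when: str
    host: str
    source: str
    id: int
    description: str


def parse_events(text):
    """Turn the OTL event-log section into Event records; a Description line attaches to the header before it."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            events.append(Event(m["when"], m["host"].strip(), m["source"].strip(), int(m["id"]), ""))
        elif line.startswith("Description =") and events:
            events[-1].description = line[len("Description ="):].strip()
    return events


def crash_modules(events):
    """(application, faulting module, exception code) for every Application Error 1000 entry."""
    out = []
    for e in events:
        if e.id == 1000 and (m := FAULT.search(e.description)):
            out.append((m["app"].strip(), m["module"].strip(), m["code"].lower()))
    return out


def modules_matching(events, watchlist):
    """Crashes whose faulting module is on the watch list (case-insensitive), e.g. the DLLs found in AppInit_DLLs."""
    wanted = {w.lower() for w in watchlist}
    return [c for c in crash_modules(events) if c[1].lower() in wanted]


def unexpected_shutdowns(events):
    """Count of EventLog 6008 records (dirty shutdowns), a rough stability indicator."""
    return sum(1 for e in events if e.source == "EventLog" and e.id == 6008)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for app, module, code in crash_modules(evs):
        print(f"{app} crashed in {module} ({code})")
    print("watch-list hits:", modules_matching(evs, ["comminfo.dll", "imapispl.dll"]))
    print("unexpected shutdowns:", unexpected_shutdowns(evs))
```

The watch list is whatever the autostart scan turned up; feeding it the two DLL names from the AppInit_DLLs lines of this thread returns exactly the iexplore.exe crash, which is the corroboration you want before treating those files as the cause of the symptoms.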
15.02.2011, 17:11 | #4 |
/// Malware-holic | Can't get the trojan Trojan.TempPW.Gen off my laptop =(
• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [comminfo.dll] C:\Users\Jenny\AppData\Local\Temp\comminfo.dll ()
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [comminfo.dll_xserve] C:\Users\Jenny\AppData\Local\Temp\comminfo.dll ()
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [imapispl.dll] C:\Windows\SysWOW64\imapispl.dll ()
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - File not found
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O20 - AppInit_DLLs: (comminfo.dll) - C:\Windows\SysWow64\comminfo.dll ()
O20 - AppInit_DLLs: (imapispl.dll) - C:\Windows\SysWow64\imapispl.dll ()
:Files
C:\Windows\SysWow64\comminfo.dll
C:\Windows\SysWow64\imapispl.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; paste its contents into your next reply here.
Open Computer, then C:, then _OTL. There, right-click on moved files and choose add to moved files.rar or zip. Upload the archive in our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
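The fix script in the reply above removes two layers of persistence for the same two DLLs: per-user Run values and an HKLM AppInit_DLLs entry, with OTL showing an empty company field "()" for every one of those files and one copy sitting in the user's Temp folder. Those are the properties a helper scans for by eye in an OTL log. The Python below is an added example, not part of the post or of OTL, that parses O4, O20 and O2 lines in OTL's format and flags them with those heuristics: empty company field, path under a Temp directory, a DLL used as a Run value (Run expects an executable), the same basename loaded by more than one mechanism, and orphan entries ("File not found", "No CLSID value found") that only need cleanup. The input is constructed from the lines of the fix script plus one invented, clean HKLM Run entry for Avira's avgnt.exe so the heuristics have a negative case; it is a triage aid, not a substitute for checking signatures and hashes on the live system.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: the O4/O20/O2 lines of the fix script above, plus an invented,
# clean HKLM Run entry (avgnt.exe, Avira GmbH) as a negative case.
SAMPLE_OTL = r"""
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [comminfo.dll] C:\Users\Jenny\AppData\Local\Temp\comminfo.dll ()
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [comminfo.dll_xserve] C:\Users\Jenny\AppData\Local\Temp\comminfo.dll ()
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1048853084-1438700988-2564156336-1000..\Run: [imapispl.dll] C:\Windows\SysWOW64\imapispl.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O20 - AppInit_DLLs: (comminfo.dll) - C:\Windows\SysWow64\comminfo.dll ()
O20 - AppInit_DLLs: (imapispl.dll) - C:\Windows\SysWow64\imapispl.dll ()
"""

# OTL line shapes: "O4 - <hive>..\Run: [<name>] <path> (<company>)",
# "O20 - AppInit_DLLs: (<name>) - <path> (<company>)",
# "O2 - BHO: (<name>) - {<clsid>} - <path> (<company>)". A missing file shows a phrase instead of a path.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<name>[^)]+)\) - (?P<rest>.*)$")
O2_RE = re.compile(r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
PATH_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^)]*)\)$")
ORPHAN = {"File not found", "No CLSID value found"}


@dataclass
class Entry:
    kind: str                # "Run", "AppInit_DLLs" or "BHO"
    name: str
    path: Optional[str]      # None for orphan entries
    company: Optional[str]   # "" when OTL printed "()" (no version information in the file)
    flags: set = field(default_factory=set)


def split_path(rest):
    if rest in ORPHAN:
        return None, None
    m = PATH_RE.match(rest)
    return (m["path"], m["company"]) if m else (rest, None)


def parse_line(line):
    line = line.strip()
    if m := O4_RE.match(line):
        return Entry("Run", m["name"], *split_path(m["rest"]))
    if m := O20_RE.match(line):
        return Entry("AppInit_DLLs", m["name"], *split_path(m["rest"]))
    if m := O2_RE.match(line):
        return Entry("BHO", m["name"], *split_path(m["rest"]))
    return None


def triage(text):
    """Parse OTL autostart lines and attach heuristic flags to each entry."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    loaders = defaultdict(set)   # basename -> mechanisms that load it
    for e in entries:
        if e.path:
            loaders[e.path.lower().rsplit("\\", 1)[-1]].add(e.kind)
    for e in entries:
        if e.path is None:
            e.flags.add("orphan")            # nothing is loaded; remove to reduce noise
            continue
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        if e.company == "":
            e.flags.add("no_company")        # file carries no version resource
        if "\\appdata\\local\\temp\\" in low or "\\temp\\" in low:
            e.flags.add("temp_path")         # persistence from a scratch directory
        if e.kind == "Run" and low.endswith(".dll"):
            e.flags.add("dll_as_run")        # Run launches executables; a DLL here is abnormal
        if e.kind == "AppInit_DLLs":
            e.flags.add("appinit")           # loaded into every process that maps user32.dll
        if len(loaders[base]) > 1:
            e.flags.add("dual_persistence")  # same basename registered through two mechanisms
    return entries


def suspicious(entries):
    """Entries that carry any flag other than plain orphan status."""
    return [e for e in entries if e.flags - {"orphan"}]


if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE_OTL)):
        print(f"{e.kind:13} {e.name:22} {e.path}  {sorted(e.flags)}")
```

AppInit_DLLs entries are always flagged, even when they carry a company name, because that mechanism injects into nearly every GUI process and legitimate uses are rare enough that each one deserves a look.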
15.02.2011, 17:30 | #5 |
| Can't get the trojan Trojan.TempPW.Gen off my laptop =( OK, the file is uploaded, hopefully everything is right. But I think it worked, because at startup I got 3 error messages saying that comminfo.dl and some other file ending in .dl could not be executed. And here is what came after the reboot: Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\comminfo.dll deleted successfully.
File move failed. C:\Users\Jenny\AppData\Local\Temp\comminfo.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\comminfo.dll_xserve deleted successfully.
File move failed. C:\Users\Jenny\AppData\Local\Temp\comminfo.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\imapispl.dll deleted successfully.
File move failed. C:\Windows\SysWOW64\imapispl.dll scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:comminfo.dll deleted successfully.
C:\Windows\SysWOW64\comminfo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:imapispl.dll deleted successfully.
File move failed. C:\Windows\SysWOW64\imapispl.dll scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\Windows\SysWow64\comminfo.dll not found.
File move failed. C:\Windows\SysWow64\imapispl.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: ALLE

User: AppData

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jenny
->Flash cache emptied: 120431 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: ALLE
->Temp folder emptied: 32671 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Apple Safari cache emptied: 14336 bytes

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jenny
->Temp folder emptied: 341939784 bytes
->Temporary Internet Files folder emptied: 80664284 bytes
->Java cache emptied: 36458572 bytes
->FireFox cache emptied: 66413860 bytes
->Google Chrome cache emptied: 45014859 bytes
->Apple Safari cache emptied: 183866368 bytes
->Opera cache emptied: 6383482 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22105273 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 886709309 bytes

Total Files Cleaned = 1.592,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02152011_171351

Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\comminfo.dll not found!
C:\Windows\SysWOW64\imapispl.dll moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFY84QWC\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7I7WPD3\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1XA5R8E\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSD49RUL\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Hopeful greetings and once again MANY thanks |
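Read line by line, the fix log above tells a more mixed story than "fix applied": the SysWOW64 copies of comminfo.dll and imapispl.dll were moved into _OTL\MovedFiles (the second only during the reboot pass), but the Temp copy of comminfo.dll, which the fix could only schedule for a move on reboot, was reported "not found!" when that pass ran, so it never reached the archive the helper asks for next. A plausible reason is that the [emptytemp] step of the same fix had already emptied that user's Temp folder (341939784 bytes) before the reboot. The following Python is an added example, not part of the post or of OTL: it walks an OTL fix log, separates the fix phase from the post-reboot phase, follows each file path through scheduled/moved/not-found states (folding SysWOW64 and SysWow64 together) and reports a final state per artifact, plus a tally of registry deletions. The sample log is the file and registry lines of the log above with the cache statistics cut down to one line.

```python
import re
from collections import OrderedDict

# The file and registry lines of the fix log above (cache statistics trimmed), used as sample input.
SAMPLE_FIXLOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\comminfo.dll deleted successfully.
File move failed. C:\Users\Jenny\AppData\Local\Temp\comminfo.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\comminfo.dll_xserve deleted successfully.
File move failed. C:\Users\Jenny\AppData\Local\Temp\comminfo.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1048853084-1438700988-2564156336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\imapispl.dll deleted successfully.
File move failed. C:\Windows\SysWOW64\imapispl.dll scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:comminfo.dll deleted successfully.
C:\Windows\SysWOW64\comminfo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:imapispl.dll deleted successfully.
File move failed. C:\Windows\SysWOW64\imapispl.dll scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\Windows\SysWow64\comminfo.dll not found.
File move failed. C:\Windows\SysWow64\imapispl.dll scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: Jenny
->Temp folder emptied: 341939784 bytes
OTL by OldTimer - Version 3.2.20.6 log created on 02152011_171351
Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\comminfo.dll not found!
C:\Windows\SysWOW64\imapispl.dll moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFY84QWC\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

# Line shapes OTL uses for file and registry actions.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
SCHEDULED = re.compile(r"^File move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")
NOT_FOUND = re.compile(r"^File\\Folder (?P<path>[A-Za-z]:\\.+?) not found[.!]$")
REG_DEL = re.compile(r"^(?:64bit-)?Registry (?:key|value) (?P<key>.+?) (?P<result>deleted successfully|not found)\.$")
REBOOT_MARKER = "Files\\Folders moved on Reboot..."   # everything after this line ran during the reboot


def reconcile(log_text):
    """Return ({normalized path: {"path", "states": [(phase, state), ...]}}, [(registry key, result)])."""
    files, registry, phase = OrderedDict(), [], "fix"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_MARKER:
            phase = "reboot"
            continue
        if m := REG_DEL.match(line):
            registry.append((m["key"], m["result"]))
            continue
        for pattern, state in ((SCHEDULED, "pending"), (MOVED, "moved"), (NOT_FOUND, "missing")):
            if m := pattern.match(line):
                key = m["path"].lower()   # SysWOW64 and SysWow64 are the same directory
                files.setdefault(key, {"path": m["path"], "states": []})["states"].append((phase, state))
                break
    return files, registry


def final_state(states):
    seen = [s for _, s in states]
    if "moved" in seen:
        return "moved"       # the file is in _OTL\MovedFiles
    if seen[-1] == "pending":
        return "pending"     # still scheduled; another reboot or a rerun is needed
    if "pending" in seen:
        return "vanished"    # present at fix time, gone before the reboot pass could move it
    return "absent"          # never found at all


def file_outcomes(log_text):
    files, _ = reconcile(log_text)
    return {key: final_state(rec["states"]) for key, rec in files.items()}


def registry_tally(log_text):
    """(deleted, not found) counts for the registry actions in the log."""
    _, registry = reconcile(log_text)
    deleted = sum(1 for _, r in registry if r == "deleted successfully")
    return deleted, len(registry) - deleted


if __name__ == "__main__":
    for path, state in file_outcomes(SAMPLE_FIXLOG).items():
        print(f"{state:9} {path}")
    print("registry deleted/not found:", registry_tally(SAMPLE_FIXLOG))
```

A "vanished" artifact is the one to chase: it means the sample a helper wants to analyse was never captured, so the only remaining copies are whatever the MovedFiles archive holds for the same DLL under a different path.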
15.02.2011, 17:34 | #6 |
/// Malware-holic | Can't get the trojan Trojan.TempPW.Gen off my laptop =( Can you please reboot and then pack and upload moved files again? Something seems to have gone wrong there.
|
15.02.2011, 17:42 | #7 |
| Can't get the trojan Trojan.TempPW.Gen off my laptop =( OK, uploaded once more... |
15.02.2011, 17:50 | #8 |
/// Malware-holic | Can't get the trojan Trojan.TempPW.Gen off my laptop =(
|
15.02.2011, 18:20 | #9 |
| Can't get the trojan Trojan.TempPW.Gen off my laptop =( OK, here is my ComboFix log: Code:
ComboFix 11-02-15.01 - Jenny 15.02.2011 17:59:21.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3837.2579 [GMT 1:00]
Running from: c:\users\Jenny\Downloads\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
D:\install.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))))
.
2011-02-15 16:13 . 2011-02-15 16:40 -------- d-----w- C:\_OTL
2011-02-15 05:56 . 2011-02-15 05:56 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2011-02-15 05:56 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-15 05:56 . 2011-02-15 05:56 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 05:56 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 05:56 . 2011-02-15 05:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-15 04:35 . 2011-02-15 04:35 388096 ----a-r- c:\users\Jenny\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-15 04:35 . 2011-02-15 04:35 -------- d-----w- c:\program files (x86)\TrendMicro
2011-02-15 03:52 . 2011-02-15 03:52 -------- d-----w- c:\users\Jenny\AppData\Roaming\CheckPoint
2011-02-15 03:51 . 2011-02-15 03:51 -------- d-----w- c:\program files (x86)\ZoneAlarm-Sicherheit
2011-02-15 03:49 . 2011-02-15 03:49 -------- d-----w- c:\program files\CheckPoint
2011-02-15 03:49 . 2010-06-28 12:00 46592 ----a-w- c:\windows\SysWow64\vsutil_loc0407.dll
2011-02-15 03:48 . 2010-06-28 11:59 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-02-15 03:48 . 2010-06-28 11:59 103936 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-02-15 03:48 . 2011-02-15 03:52 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2011-02-15 03:48 . 2010-06-28 11:59 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-02-15 03:45 . 2011-02-15 03:45 -------- d-----w- c:\program files (x86)\Zone Labs
2011-02-15 03:45 . 2010-05-15 15:30 453720 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-02-15 03:44 . 2011-02-15 03:44 -------- d-----w- c:\programdata\CheckPoint
2011-02-15 03:44 . 2011-02-15 17:09 -------- d-----w- c:\windows\Internet Logs
2011-02-15 01:15 . 2011-02-15 01:15 -------- d-----w- c:\users\Jenny\AppData\Roaming\Avira
2011-02-15 01:11 . 2011-02-15 01:11 -------- d-----w- c:\programdata\Avira
2011-02-15 01:11 . 2011-01-10 13:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-15 01:11 . 2011-01-10 13:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-13 18:21 . 2011-02-13 18:23 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2011
2011-02-12 15:08 . 2011-02-12 15:08 -------- d-----w- c:\users\Jenny\AppData\Local\GIANTS Editor 4.1.7
2011-02-12 13:51 . 2011-02-12 13:51 -------- d-----w- c:\program files (x86)\GIANTS Software
2011-02-10 22:27 . 2011-02-10 22:27 -------- d-----w- c:\program files (x86)\ConduitEngine
2011-02-10 21:36 . 2011-02-10 21:36 -------- d-----w- c:\programdata\eMule
2011-02-10 21:35 . 2011-02-10 21:35 -------- d-----w- c:\users\Jenny\AppData\Local\eMule
2011-02-10 21:35 . 2011-02-10 21:35 -------- d-----w- c:\program files (x86)\eMule
2011-02-10 21:07 . 2011-02-10 21:07 -------- d-----w- c:\program files (x86)\Enlight
2011-02-10 21:07 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-02-10 21:07 . 2001-09-05 02:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-02-10 21:07 . 2001-09-05 02:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-02-10 21:07 . 2001-09-05 02:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-02-10 20:47 . 2007-04-04 17:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-02-10 20:45 . 2011-02-10 20:46 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2011 Demo
2011-02-09 01:13 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C97408C5-D5B5-4C46-ABCD-E25FDDAFF72E}\mpengine.dll
2011-02-08 13:28 . 2011-02-08 13:28 -------- d-----w- c:\users\Jenny\AppData\Roaming\click
2011-01-18 18:16 . 2011-01-18 18:16 -------- d-----w- c:\users\Jenny\AppData\Roaming\xcharlive.1655C4F6526B808855D0A24D09D32A2277FBA03C.1
2011-01-18 18:14 . 2011-01-18 18:14 -------- d-----w- c:\program files (x86)\Xchar Live
2011-01-18 18:14 . 2011-01-18 18:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-12-31 10:53 2349080 ----a-w- c:\program files (x86)\XfireXO\tbXfir.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuz0.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 10:50 2517088 ----a-w- c:\program files (x86)\ZoneAlarm-Sicherheit\tbZone.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\tbXfir.dll" [2009-12-31 2349080]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuz0.dll" [2010-10-18 3908192]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-17 30192]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avgnt"="c:\program files
(x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968] c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2010-2-7 0] OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2010-4-5 494920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-19 1038088] R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-17 30192] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712] R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336] S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 33528] S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 823288] S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [2008-09-29 390656] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752] . 
Inhalt des "geplante Tasks" Ordners 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1048853084-1438700988-2564156336-1000Core.job - c:\users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 10:19] 2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1048853084-1438700988-2564156336-1000UA.job - c:\users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-21 10:19] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 1123320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook64.dll/3000 IE: Free YouTube to Mp3 Converter - c:\users\Jenny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\znl714wi.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Microsoft .NET Framework Assistant: 
{20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . - - - - Entfernte verwaiste Registrierungseinträge - - - - Wow6432Node-HKCU-Run-imapispl.dll - c:\windows\SysWOW64\imapispl.dll WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file) . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-02-15 18:16:57 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-02-15 17:16 Vor Suchlauf: 13 Verzeichnis(se), 38.566.797.312 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 38.372.196.352 Bytes frei - - End Of File - - 654DF11F4925806A89F4DF36017BDAC9 |
15.02.2011, 18:31 | #10 |
/// Malware-holic |
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above If you would like to support us |
15.02.2011, 19:04 | #11 |
| OK, here is the GMER report: ComboFix logfile:
A message came up saying that it hadn't found anything. Is everything all right again now? I also no longer have any strange processes in my Task Manager. |
15.02.2011, 19:07 | #12 |
/// Malware-holic | that is definitely not the GMER report :-) take a look at what it says on the report.
15.02.2011, 19:54 | #13 |
| OK, then something must have gone wrong there. I have now closed everything again and run another scan. At the end it just shows the message: GMER hasn't found any system modification. And when I then click Copy, there is nothing in the clipboard either. Is that it now? Or did I do something wrong? |
15.02.2011, 20:01 | #14 |
/// Malware-holic | did you just let GMER run, or did you also run the complete scan?
15.02.2011, 20:03 | #15 |
| I did press Scan, and it scanned for quite a while. |