Log Analysis and Evaluation: www.directrdr.com always opens in Firefox (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.03.2011, 11:35 | #1

www.directrdr.com always opens in Firefox

Hello everyone, for a few days I have had the following problem: www.directrdr.com, this website keeps opening by itself in my browser. I have Win7 installed. I have also already run the Windows antivirus (Microsoft Security Essentials) over it, but the message is still there. What else can I do??? Besides that, I have the feeling my system is sluggish....
02.03.2011, 11:48 | #2

Here is a log as well:

HijackThis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:46:30, on 02.03.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\XXX.XXX\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: closespace - {704dbbed-c51b-481b-c378-2dc8f2793a43} - C:\Windows\system32\L-0Isx_.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: FRITZ!Fernzugang.lnk = C:\Program Files\FRITZ!Fernzugang\FRITZVPN.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hep.local
O17 - HKLM\Software\..\Telephony: DomainName = hep.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hep.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hep.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVM FRITZ!Fernzugang IKE Service (avmike) - AVM Berlin - C:\Program Files\FRITZ!Fernzugang\avmike.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!Fernzugang Cert Service (certsrv) - AVM Berlin - C:\Program Files\FRITZ!Fernzugang\certsrv.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: AVM FRITZ!Fernzugang Client (nwtsrv) - AVM Berlin - C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6909 bytes
02.03.2011, 12:14 | #3

Malware-holic

Please, no more HijackThis logs; they don't provide the information we need!

System scan with OTL

Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Check "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both.
02.03.2011, 14:00 | #4

OTL Logfile:
Code:
OTL logfile created on: 02.03.2011 12:32:15 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\XXXX.HEP\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 22,75 Gb Free Space | 29,16% Space Free | Partition Type: NTFS
Drive D: | 65,05 Gb Total Space | 28,33 Gb Free Space | 43,55% Space Free | Partition Type: NTFS

Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\XXXX.HEP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
PRC - D:\Cccam\CCcamInfoPHPbyTayrax\CCcamInfoPHP-v1.6.by-tayrax.exe (Timo Haberkern)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\XXXX.HEP\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CSIScanner) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin)
SRV - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin)
SRV - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (pxscan) -- File not found
DRV - (pxrts) -- File not found
DRV - (pxkbf) -- File not found
DRV - (MpKslf7b3a8df) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9229576A-054C-4B3A-945F-1926633840B6}\MpKslf7b3a8df.sys (Microsoft Corporation)
DRV - (MpKsl154fbe5d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9229576A-054C-4B3A-945F-1926633840B6}\MpKsl154fbe5d.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NWIM) -- C:\Windows\System32\drivers\avmnwim.sys (AVM Berlin)
DRV - (MCHPUSB) -- C:\Windows\System32\drivers\mchpusb.sys (Microchip Technology, Inc.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Programme\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
IE - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://chameleonsearch.com/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {7a3c530d-8cbd-e1bd-c5ba-deea92b467c1}:4.6.7.8
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..keyword.URL: "hxxp://chameleonsearch.com/websearch.php?src=tops&search="

FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions [2011.02.24 22:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.24 22:00:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.24 22:40:05 | 000,000,000 | ---D | M]

[2011.02.05 12:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX.HEP\AppData\Roaming\mozilla\Extensions
[2011.02.24 22:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX.HEP\AppData\Roaming\mozilla\Firefox\Profiles\0nvtw9va.default\extensions
[2011.02.10 00:09:38 | 000,000,263 | ---- | M] () -- C:\Users\XXXX.HEP\AppData\Roaming\Mozilla\Firefox\Profiles\0nvtw9va.default\searchplugins\Search.xml
[2011.03.01 23:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.10 00:09:45 | 000,000,000 | ---D | M] (Stumble Sites Add On) -- C:\Programme\Mozilla Firefox\extensions\{7a3c530d-8cbd-e1bd-c5ba-deea92b467c1}
[2010.06.19 07:32:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.24 08:29:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.12 08:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.24 22:31:49 | 000,000,000 | ---D | M] (QuestBrowse) -- C:\Programme\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
[2011.02.10 00:09:45 | 000,000,000 | ---D | M] (Stumble Sites Add On) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{7A3C530D-8CBD-E1BD-C5BA-DEEA92B467C1}
[2011.01.12 08:45:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.24 22:31:49 | 000,000,000 | ---D | M] (QuestBrowse) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.30 12:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npww.dll
[2010.09.24 15:49:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.24 15:49:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.24 15:49:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.24 15:49:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.24 15:49:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.02.09 08:52:35 | 000,000,914 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.4.100 hepxserver.hep.local
O1 - Hosts: 192.168.4.100 HEPXSERVER
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (closespace) - {704dbbed-c51b-481b-c378-2dc8f2793a43} - C:\Windows\System32\L-0Isx_.dll ()
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Programme\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Programme\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Programme\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk = C:\Programme\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
O4 - Startup: C:\Users\XXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk = C:\Programme\FRITZ!Fernzugang\FRITZVPN.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3638494412-4230372077-2012251659-1146\..Trusted Domains: hepgmbh.de ([remote] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hep.local
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ffdshow.ax ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2011.03.02 12:28:34 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX.HEP\Desktop\OTL.exe
[2011.03.02 11:42:33 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\XXXX.HEP\Desktop\HiJackThis204.exe
[2011.03.02 11:27:59 | 000,071,880 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll-14261549
[2011.03.01 23:21:06 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Avira
[2011.03.01 23:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.01 23:18:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.03.01 23:18:43 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.01 23:18:43 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.03.01 23:18:40 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.03.01 23:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.01 18:38:24 | 000,000,000 | ---D | C] -- C:\Users\XXX.HEP\AppData\Roaming\TeamViewer
[2011.02.24 22:31:46 | 000,000,000 | ---D | C] -- C:\Programme\QuestBrwSearch
[2011.02.24 22:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\QuestBrwSearch
[2011.02.24 22:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
[2011.02.24 22:31:05 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\ShopperReports3
[2011.02.24 22:31:05 | 000,000,000 | ---D | C] -- C:\Programme\ShopperReports3
[2011.02.24 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Documents\iPhone Ringtones
[2011.02.24 22:11:39 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\iRinger
[2011.02.23 23:00:55 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\DeepBurner [2011.02.13 19:54:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\GHISLER [2011.02.12 09:47:52 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Desktop\Kanäle 12.02.11 [2011.02.11 13:57:00 | 000,000,000 | ---D | C] -- C:\SmartDraw 2010 [2011.02.11 13:53:10 | 000,000,000 | ---D | C] -- C:\Programme\MeeSoft [2011.02.11 13:50:57 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\GetRightToGo [2011.02.11 13:50:57 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Documents\Downloads [2011.02.10 08:30:12 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.10 08:29:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.02.10 08:29:40 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.02.10 08:28:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.10 08:28:47 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.10 08:28:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.10 08:28:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.10 08:28:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.10 08:28:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.10 08:28:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.10 08:28:43 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.10 08:28:42 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.10 08:28:42 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.10 08:28:42 | 
000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.10 08:28:26 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.10 08:28:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.10 08:27:46 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.10 08:27:45 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 23:59:39 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Media Player Classic [2011.02.09 23:58:44 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1 [2011.02.09 23:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1 [2011.02.09 23:58:41 | 000,000,000 | ---D | C] -- C:\Programme\XP Codec Pack [2011.02.09 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\GrabIt [2011.02.09 11:20:33 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\WinRAR [2011.02.07 08:16:28 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Macromedia [2011.02.05 12:45:16 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\skypePM [2011.02.05 12:45:16 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Skype [2011.02.05 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Skype_old [2011.02.05 12:41:02 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\HP [2011.02.05 12:41:02 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\GHISLER [2011.02.05 12:41:02 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\FreePDF_XP [2011.02.05 12:41:02 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Diagnostics [2011.02.05 12:41:02 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Apple_Inc [2011.02.05 12:41:01 | 000,000,000 | 
---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Apple Computer [2011.02.05 12:41:01 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Apple [2011.02.05 12:29:00 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Documents\Scanned Documents [2011.02.05 12:29:00 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Documents\Notes [2011.02.05 12:29:00 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Documents\Xilisoft [2011.02.05 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Documents\Meine empfangenen Dateien [2011.02.05 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Documents\Fax [2011.02.05 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Documents\Dokumentation für Miguels Gerät [2011.02.05 12:22:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Desktop\USB STICK ARBEIT [2011.02.05 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Desktop\Privat [2011.02.05 12:17:23 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Desktop\Neuer Ordner [2011.02.05 12:17:22 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Desktop\mp3DirectCut [2011.02.05 12:17:20 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Adobe [2011.02.05 12:17:20 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Adobe [2011.02.05 12:17:17 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Desktop\banelka [2011.02.05 12:17:13 | 000,745,848 | ---- | C] (BitTorrent, Inc.) 
-- C:\Users\XXXX.HEP\Desktop\BitTorrent-7.1.exe [2011.02.05 12:17:03 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Tracing [2011.02.05 12:17:03 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Application Data [2011.02.05 12:17:03 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\.shsh [2011.02.05 12:17:03 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\.jordan [2011.02.05 12:17:03 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\.jenny [2011.02.05 12:17:02 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\temp [2011.02.05 12:17:01 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\Privat [2011.02.05 12:10:22 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\TuneUp Software [2011.02.05 12:08:57 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Mozilla [2011.02.05 12:08:57 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Mozilla [2011.02.04 19:52:24 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Apple Computer [2011.02.04 19:49:02 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.02.04 19:49:02 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Searches [2011.02.04 19:49:02 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.02.04 19:48:49 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Identities [2011.02.04 19:48:44 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Contacts [2011.02.04 19:48:38 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Small Business Server 2008 [2011.02.04 19:48:38 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\VirtualStore [2011.02.04 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Windows Small Business Server [2011.02.04 19:48:19 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Vorlagen [2011.02.04 19:48:19 | 000,000,000 | -HSD | C] -- 
C:\Users\XXXX.HEP\AppData\Local\Verlauf [2011.02.04 19:48:19 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\AppData\Local\Temporary Internet Files [2011.02.04 19:48:19 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Startmenü [2011.02.04 19:48:19 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Lokale Einstellungen [2011.02.04 19:48:19 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\AppData\Local\Anwendungsdaten [2011.02.04 19:48:18 | 000,000,000 | --SD | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Videos [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Saved Games [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Pictures [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Music [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Links [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Favorites [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Downloads [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Documents [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\Desktop [2011.02.04 19:48:18 | 000,000,000 | R--D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\SendTo [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Recent [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Netzwerkumgebung [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Documents\Eigene Videos [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Documents\Eigene Musik [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Eigene Dateien [2011.02.04 19:48:18 | 000,000,000 
| -HSD | C] -- C:\Users\XXXX.HEP\Documents\Eigene Bilder [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Druckumgebung [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Cookies [2011.02.04 19:48:18 | 000,000,000 | -HSD | C] -- C:\Users\XXXX.HEP\Anwendungsdaten [2011.02.04 19:48:18 | 000,000,000 | -H-D | C] -- C:\Users\XXXX.HEP\AppData [2011.02.04 19:48:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Temp [2011.02.04 19:48:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Microsoft Help [2011.02.04 19:48:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Local\Microsoft [2011.02.04 19:48:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX.HEP\AppData\Roaming\Media Center Programs [2011.01.31 22:51:33 | 000,000,000 | ---D | C] -- C:\Windows\Temp31642253-80D4-4285-5DD8-B7FA84AEB2F0-Signatures [2011.01.31 22:49:49 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.01.31 22:48:38 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2010.03.27 16:39:13 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\Interop.MSWinsockLib.dll [2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.02 12:28:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX.HEP\Desktop\OTL.exe [2011.03.02 11:43:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\XXXX.HEP\Desktop\HiJackThis204.exe [2011.03.02 11:28:00 | 000,071,880 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll-14261549 [2011.03.02 09:45:17 | 000,137,198 | ---- | M] () -- C:\Users\XXXX.HEP\Desktop\FF.jpg [2011.03.02 08:27:06 | 000,277,761 | ---- | M] () -- C:\Users\XXXX.HEP\Desktop\Firewall-Regeln.jpg [2011.03.02 08:24:00 | 000,228,680 | ---- | M] () -- C:\Users\XXXX.HEP\Desktop\dienste.jpg [2011.03.02 08:14:09 | 000,015,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.02 08:14:08 | 000,015,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.02 08:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.02 07:38:56 | 221,761,359 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.02 07:38:48 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2011.03.01 23:19:08 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.03.01 15:20:07 | 000,679,617 | ---- | M] () -- C:\Users\XXXX.HEP\Desktop\hugo_bilder_20110301.zip [2011.02.20 21:45:26 | 000,029,184 | ---- | M] () -- C:\Windows\System32\dot3svcd.dll [2011.02.15 16:32:27 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.02.14 08:34:04 | 000,000,600 | ---- | M] () -- C:\Users\XXXX.HEP\AppData\Roaming\winscp.rnd [2011.02.10 08:38:10 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.10 08:38:01 | 000,048,460 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.02.10 00:09:46 | 000,127,216 | ---- | M] () -- C:\Windows\System32\z0_h-uvSoEx-7Pp.exe [2011.02.09 23:59:17 | 050,087,172 | ---- | M] () -- C:\Users\XXXX.HEP\AppData\Roaming\Neuer Ordner.avi [2011.02.09 23:58:56 | 000,001,064 | ---- | M] () -- C:\Users\XXXX.HEP\Desktop\Media Player Classic.lnk [2011.02.09 23:56:41 | 000,000,000 | ---- | M] () -- 
C:\Users\XXXX.HEP\AppData\Roaming\chrtmp [2011.02.09 11:01:58 | 000,645,966 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.09 11:01:58 | 000,609,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.09 11:01:58 | 000,127,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.09 11:01:58 | 000,104,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.08 20:20:22 | 002,121,216 | ---- | M] () -- C:\Windows\System32\L-0Isx_.dll [2011.02.08 16:53:28 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.02.07 21:29:34 | 000,001,205 | ---- | M] () -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk [2011.02.07 17:13:16 | 000,286,774 | ---- | M] () -- C:\Users\XXXX.HEP\Desktop\EMC Monza CPO.pdf [2011.02.05 12:51:25 | 000,000,840 | RHS- | M] () -- C:\Users\XXXX.HEP\ntuser.pol [2011.01.31 22:54:50 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.02 09:45:16 | 000,137,198 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\FF.jpg [2011.03.02 08:27:05 | 000,277,761 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Firewall-Regeln.jpg [2011.03.02 08:23:59 | 000,228,680 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\dienste.jpg [2011.03.01 23:19:08 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.03.01 15:20:03 | 000,679,617 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\hugo_bilder_20110301.zip [2011.02.20 21:45:26 | 000,029,184 | ---- | C] () -- C:\Windows\System32\dot3svcd.dll [2011.02.15 16:32:27 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.02.14 08:34:04 | 000,000,600 | ---- | C] () -- C:\Users\XXXX.HEP\AppData\Roaming\winscp.rnd [2011.02.10 00:09:45 | 000,127,216 | ---- | C] () -- C:\Windows\System32\z0_h-uvSoEx-7Pp.exe [2011.02.09 23:58:56 | 000,001,064 | ---- | 
C] () -- C:\Users\XXXX.HEP\Desktop\Media Player Classic.lnk [2011.02.09 23:56:41 | 000,000,000 | ---- | C] () -- C:\Users\XXXX.HEP\AppData\Roaming\chrtmp [2011.02.09 23:56:36 | 050,087,172 | ---- | C] () -- C:\Users\XXXX.HEP\AppData\Roaming\Neuer Ordner.avi [2011.02.08 20:20:22 | 002,121,216 | ---- | C] () -- C:\Windows\System32\L-0Isx_.dll [2011.02.07 21:29:34 | 000,001,205 | ---- | C] () -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!Fernzugang.lnk [2011.02.07 17:13:16 | 000,286,774 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\EMC Monza CPO.pdf [2011.02.05 12:40:59 | 000,003,584 | ---- | C] () -- C:\Users\XXXX.HEP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.05 12:28:51 | 000,000,000 | -H-- | C] () -- C:\Users\XXXX.HEP\Documents\Default.rdp [2011.02.05 12:28:50 | 000,007,629 | ---- | C] () -- C:\Users\XXXX.HEP\Documents\ATX 23.02.2010.PDF [2011.02.05 12:17:17 | 000,365,568 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\RE AW RAT- STOCK ACTUAL E.E. 
PARA LAMPARAS SODIO AP.msg [2011.02.05 12:17:17 | 000,131,518 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Electronic Ballast HEP _2_.pdf [2011.02.05 12:17:17 | 000,074,277 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\TC226AZ.pdf [2011.02.05 12:17:17 | 000,053,315 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Lichttechnische Fachbegriffe.pdf [2011.02.05 12:17:17 | 000,003,241 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\cwshare.cfg [2011.02.05 12:17:17 | 000,001,598 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\DivX Movies.lnk [2011.02.05 12:17:17 | 000,001,064 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Daten HEP.lnk [2011.02.05 12:17:17 | 000,001,055 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\DeepBurner.lnk [2011.02.05 12:17:17 | 000,000,955 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Gbox Share Control.lnk [2011.02.05 12:17:17 | 000,000,937 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Mbox Control Center.lnk [2011.02.05 12:17:17 | 000,000,910 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Windows Mobile-Gerätecenter.lnk [2011.02.05 12:17:17 | 000,000,889 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\WinSCP.lnk [2011.02.05 12:17:17 | 000,000,884 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\CCcamInfoPHP-v1.6.by-tayrax.lnk [2011.02.05 12:17:17 | 000,000,632 | ---- | C] () -- C:\Users\XXXX.HEP\Desktop\Total Commander.lnk [2011.02.05 12:17:03 | 000,039,740 | ---- | C] () -- C:\Users\XXXX.HEP\ignore.list [2011.02.04 19:49:12 | 000,001,413 | ---- | C] () -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.02.04 19:48:36 | 000,000,840 | RHS- | C] () -- C:\Users\XXXX.HEP\ntuser.pol [2011.01.31 22:54:49 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2010.06.26 12:41:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.03.27 16:39:13 | 000,012,288 | ---- | C] () -- C:\Windows\System32\AxInterop.MSWinsockLib.dll [2010.03.24 10:11:55 | 000,048,460 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.01.07 11:57:10 | 
000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.01.07 11:57:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.11.13 12:23:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.13 12:06:24 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2009.11.13 12:04:07 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.14 09:47:43 | 000,645,966 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,127,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,410,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,609,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,104,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.16 18:26:50 | 002,031,008 | ---- | C] () -- C:\Windows\System32\igkrng400.bin [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- 
C:\Windows\System32\mlang.dat [2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe [2006.09.06 19:42:56 | 000,237,568 | ---- | C] () -- C:\Windows\System32\hppapr02.dll [2006.09.06 19:41:04 | 000,000,600 | ---- | C] () -- C:\Windows\System32\hppapr02.dat [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll ========== LOP Check ========== [2009.11.13 14:19:47 | 000,000,000 | ---D | M] -- C:\Users\Miguel Barrena\AppData\Roaming\DeepBurner [2010.02.16 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Miguel Barrena\AppData\Roaming\FileZilla [2009.11.14 14:59:20 | 000,000,000 | ---D | M] -- C:\Users\Miguel Barrena\AppData\Roaming\GHISLER [2010.03.17 21:35:09 | 000,000,000 | ---D | M] -- C:\Users\Miguel Barrena\AppData\Roaming\GrabIt [2010.03.08 12:06:41 | 000,000,000 | ---D | M] -- C:\Users\Miguel Barrena\AppData\Roaming\TeamViewer [2010.03.01 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Miguel Barrena\AppData\Roaming\Win7codecs [2011.01.27 21:30:41 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\BitTorrent [2010.03.26 13:23:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DeepBurner [2010.03.27 16:53:04 | 000,000,000 | ---D 
| M] -- C:\Users\XXXX\AppData\Roaming\GHISLER [2010.03.25 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\GrabIt [2010.12.30 01:11:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Local [2010.05.07 20:04:44 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TeamViewer [2011.01.12 08:53:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TuneUp Software [2010.03.24 10:18:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Windows Small Business Server [2010.12.21 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Xilisoft [2011.02.23 23:23:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\DeepBurner [2011.02.11 13:52:00 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\GetRightToGo [2011.02.13 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\GHISLER [2011.02.24 23:10:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\GrabIt [2011.02.24 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\ShopperReports3 [2011.03.01 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\TeamViewer [2011.02.05 12:10:22 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\TuneUp Software [2011.02.04 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Windows Small Business Server [2010.10.20 21:06:02 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.02.07 08:16:28 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Adobe [2011.02.09 19:36:36 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Apple Computer [2011.03.01 23:21:06 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Avira [2011.02.23 23:23:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\DeepBurner [2011.02.11 13:52:00 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\GetRightToGo [2011.02.13 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\GHISLER [2011.02.24 23:10:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\GrabIt [2011.02.04 19:48:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Identities [2011.02.07 08:16:28 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Macromedia [2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Media Center Programs [2011.02.10 00:01:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Media Player Classic [2011.02.10 00:09:35 | 000,000,000 | --SD | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Microsoft [2011.02.05 12:09:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Mozilla [2011.02.24 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\ShopperReports3 [2011.03.02 09:29:15 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Skype [2011.03.02 09:01:33 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\skypePM [2011.02.05 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Skype_old [2011.03.01 19:20:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\TeamViewer [2011.02.05 12:10:22 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\TuneUp Software [2011.02.04 19:48:36 | 000,000,000 | ---D | M] -- C:\Users\XXXX.HEP\AppData\Roaming\Windows Small Business Server [2011.02.09 11:20:33 | 000,000,000 | ---D | M] -- 
C:\Users\XXXX.HEP\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\MpNWMon.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.12.18 06:29:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2011.01.05 06:37:33 | 000,428,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:85D59B256CC0F0BC

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 02.03.2011 12:32:15 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\XXXXXX.HEP\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 22,75 Gb Free Space | 29,16% Space Free | Partition Type: NTFS
Drive D: | 65,05 Gb Total Space | 28,33 Gb Free Space | 43,55% Space Free | Partition Type: NTFS

Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3638494412-4230372077-2012251659-1146\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7CB9546E-BF2C-47DE-9DB4-C4364FBE57EC}" = Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E040F28C-D797-46E1-8A2D-3595456B09BF}" = iPhone-Konfigurationsprogramm
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"QuestBrowse" = QuestBrowse 1.0 build 127
"ShopperReportsSA" = ShopperReports
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.7
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.9
"XP Codec Pack" = XP Codec Pack
"z0_h-uvSoEx-7Pp" = Stumble Sites Add On

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02.03.2011 01:00:04 | Computer Name = XXXX.hep.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02.03.2011 01:00:04 | Computer Name = XXXX.hep.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14180

Error - 02.03.2011 01:00:04 | Computer Name = XXXX.hep.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14180

Error - 02.03.2011 02:42:58 | Computer Name = XXXX.hep.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Apache.exe, Version: 0.0.0.0, Zeitstempel: 0x4453f8ee Name des fehlerhaften Moduls: php5ts.dll, Version: 5.2.0.0, Zeitstempel: 0x4549ce71 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b0e82 ID des fehlerhaften Prozesses: 0x388 Startzeit der fehlerhaften Anwendung: 0x01cbd8a4fa3bde0b Pfad der fehlerhaften Anwendung: D:\Cccam\CCcamInfoPHPbyTayrax\server\Apache\Apache.exe Pfad des fehlerhaften Moduls: d:\cccam\cccaminfophpbytayrax\server\php\php5ts.dll Berichtskennung: 4f2c0c5d-4498-11e0-83f4-001d7232a296

Error - 02.03.2011 02:43:37 | Computer Name = XXXX.hep.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02.03.2011 02:43:37 | Computer Name = XXXX.hep.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15616

Error - 02.03.2011 02:43:37 | Computer Name = XXXX.hep.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15616

Error - 02.03.2011 03:14:49 | Computer Name = XXX.hep.local | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.1.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 450 Startzeit: 01cbd8a91f54e24c Endzeit: 0 Anwendungspfad: C:\Program Files\iTunes\iTunes.exe Berichts-ID:

Error - 02.03.2011 04:11:54 | Computer Name = XXXX.hep.local | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3909 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13b0 Startzeit: 01cbd8b15c7acf0a Endzeit: 31 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: ad64d6ce-44a4-11e0-83f4-001d7232a296

Error - 02.03.2011 04:29:26 | Computer Name = XXXX.hep.local | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 4.2.0.155 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16f8 Startzeit: 01cbd8affdb1a533 Endzeit: 0 Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe Berichts-ID: ff6fe6dd-44a6-11e0-83f4-001d7232a296

[ OSession Events ]
Error - 15.07.2010 03:13:19 | Computer Name = XXXX.hepexchange.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 89965 seconds with 5220 seconds of active time. This session ended with a crash.

Error - 28.01.2011 04:25:12 | Computer Name = XXXX.hepexchange.local | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 258588 seconds with 16140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01.03.2011 18:19:24 | Computer Name = XXXX.hep.local | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 01.03.2011 18:22:04 | Computer Name = XXXX.hep.local | Source = Service Control Manager | ID = 7034
Description = Dienst "QuestBrowse Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 01.03.2011 19:48:39 | Computer Name = XXXX.hep.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 02.03.2011 02:39:01 | Computer Name = XXXX.hep.local | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.03.2011 um 05:59:18 unerwartet heruntergefahren.

Error - 02.03.2011 02:39:17 | Computer Name = XXXX.hep.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HEP aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 02.03.2011 02:39:17 | Computer Name = XXXX.hep.local | Source = BugCheck | ID = 1001
Description =

Error - 02.03.2011 02:39:18 | Computer Name = XXXX.hep.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 02.03.2011 02:39:57 | Computer Name = XXXX.hep.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 02.03.2011 02:42:08 | Computer Name = XXXX.hep.local | Source = TermService | ID = 1067
Description =

Error - 02.03.2011 04:31:16 | Computer Name = XXXX.hep.local | Source = DCOM | ID = 10010
Description =

< End of report >
02.03.2011, 14:10 | #5 |
/// Malware-holic | www.directrdr.com keeps opening in Firefox Please create and post a ComboFix log: A guide and tutorial on using ComboFix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.03.2011, 14:20 | #6 |
| www.directrdr.com keeps opening in Firefox I have Win 7 installed... but it only works for XP and Vista, right? |
02.03.2011, 15:25 | #7 |
/// Malware-holic | www.directrdr.com keeps opening in Firefox No, it works for Win7 too :-)
02.03.2011, 19:00 | #8 |
| www.directrdr.com keeps opening in Firefox Here is the ComboFix log: Combofix Logfile: Code:
ComboFix 11-03-01.03 - MiguelBarrena 02.03.2011 16:34:46.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2038.1120 [GMT 1:00]
ausgeführt von:: c:\users\MiguelBarrena.HEP\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
c:\program files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar
c:\program files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf
c:\program files\QuestBrwSearch
c:\program files\QuestBrwSearch\uninstall.exe
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt
c:\program files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.1.22.0\link.ico
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\programdata\QuestBrwSearch
c:\users\XXXXrrena.HEP\AppData\Roaming\ShopperReports3
c:\users\XXXXrrena\AppData\Roaming\Local
c:\users\XXXXrrena\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\XXXXrrena\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\XXXXrrena\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ujgzhqi7fe6qy.avi.ddp
c:\users\XXXXrrena\AppData\Roaming\Local\Temp\DDM\Settings\ujgzhqi7fe6qy.avi.ddr
----- BITS: Eventuell infizierte Webseiten -----
hxxp://exchangeserver:8530
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-02 bis 2011-03-02 ))))))))))))))))))))))))))))))
.
2011-03-02 15:46 . 2011-03-02 15:46 -------- d-----w- c:\users\XXXXrrena\AppData\Local\temp
2011-03-02 15:46 . 2011-03-02 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-02 15:46 . 2011-03-02 15:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-02 15:46 . 2011-03-02 15:46 -------- d-----w- c:\users\Miguel Barrena\AppData\Local\temp
2011-03-02 10:27 . 2011-03-02 10:28 71880 ----a-w- c:\windows\system32\PxSecure.dll-14261549
2011-03-02 06:39 . 2011-03-02 06:39 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9229576A-054C-4B3A-945F-1926633840B6}\MpKslf7b3a8df.sys
2011-03-01 22:23 . 2011-03-01 22:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9229576A-054C-4B3A-945F-1926633840B6}\MpKsl154fbe5d.sys
2011-03-01 22:22 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9229576A-054C-4B3A-945F-1926633840B6}\mpengine.dll
2011-03-01 22:18 . 2011-01-10 13:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-01 22:18 . 2011-01-10 13:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-01 22:18 . 2011-03-01 22:18 -------- d-----w- c:\programdata\Avira
2011-03-01 22:18 . 2011-03-01 22:18 -------- d-----w- c:\program files\Avira
2011-02-20 20:45 . 2011-02-20 20:45 29184 ----a-w- c:\windows\system32\dot3svcd.dll
2011-02-11 12:57 . 2011-02-11 12:57 -------- d-----w- C:\SmartDraw 2010
2011-02-11 12:53 . 2011-02-11 12:58 -------- d-----w- c:\program files\MeeSoft
2011-02-10 07:30 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 07:29 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 07:29 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 07:27 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 07:27 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 07:27 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 23:09 . 2011-02-09 23:09 127216 ----a-w- c:\windows\system32\z0_h-uvSoEx-7Pp.exe
2011-02-09 23:09 . 2011-02-08 19:20 2077696 ----a-w- c:\program files\Mozilla Firefox\extensions\{7a3c530d-8cbd-e1bd-c5ba-deea92b467c1}\components\l5JhR_8XOZ.dll
2011-02-09 22:58 . 2011-02-09 22:58 -------- d-----w- c:\program files\XP Codec Pack
2011-02-08 19:20 . 2011-02-08 19:20 2121216 ----a-w- c:\windows\system32\L-0Isx_.dll
2011-02-04 18:50 . 2011-02-09 07:51 -------- d-----w- c:\users\Administrator.HEP
2011-02-04 18:48 . 2011-02-05 11:51 -------- d-----w- c:\users\XXXXrrena.HEP
2011-01-31 22:11 . 2011-01-31 22:10 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E6E33BC-5EEF-4EDA-9772-796EF05750C4}\gapaengine.dll
2011-01-31 21:51 . 2011-01-31 21:51 -------- d-----w- c:\windows\Temp31642253-80D4-4285-5DD8-B7FA84AEB2F0-Signatures
2011-01-31 21:49 . 2011-01-31 21:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-31 21:48 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-06-18 17:03 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-20 19:08 . 2011-01-20 19:08 29184 ----a-r- c:\users\MiguelBarrena\AppData\Roaming\Microsoft\Installer\{E11DFB49-0F7A-4FC5-B6D2-AD0A3CA7F152}\Icon37C19C2D1.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{704dbbed-c51b-481b-c378-2dc8f2793a43}]
2011-02-08 19:20 2121216 ----a-w- c:\windows\System32\L-0Isx_.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-24 11:45 3911776 ----a-w- c:\program files\BitTorrentBar\tbBit0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2010-12-24 3911776]
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBit0.dll" [2010-12-24 3911776]
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-16 150552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
c:\users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!Fernzugang.lnk - c:\program files\FRITZ!Fernzugang\FRITZVPN.exe [2009-7-21 234296]
c:\users\XXXX.HEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!Fernzugang.lnk - c:\program files\FRITZ!Fernzugang\FRITZVPN.exe [2009-7-21 234296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
R1 MpKsl3f685642;MpKsl3f685642;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95DEC7A2-9BBA-40D7-BAC4-DBBD29C889EB}\MpKsl3f685642.sys [x]
R1 MpKsle5508a14;MpKsle5508a14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{910AB9C4-B0EC-46BC-8EBB-4D201415ECF7}\MpKsle5508a14.sys [x]
R1 MpKsle72d8b25;MpKsle72d8b25;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{910AB9C4-B0EC-46BC-8EBB-4D201415ECF7}\MpKsle72d8b25.sys [x]
R1 MpKsle952c87b;MpKsle952c87b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E98A80E-31C0-4E66-A418-63A6B0796AC3}\MpKsle952c87b.sys [x]
R1 MpKslf81e4114;MpKslf81e4114;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{361D85AA-0266-4FD2-BC90-84532BE8E1DF}\MpKslf81e4114.sys [x]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [x]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
R3 MCHPUSB;MCHPUSB;c:\windows\system32\DRIVERS\mchpusb.sys [2007-12-19 53760]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 MpKsl154fbe5d;MpKsl154fbe5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9229576A-054C-4B3A-945F-1926633840B6}\MpKsl154fbe5d.sys [2011-03-01 28752]
S1 MpKslf7b3a8df;MpKslf7b3a8df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9229576A-054C-4B3A-945F-1926633840B6}\MpKslf7b3a8df.sys [2011-03-02 28752]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2009-07-02 267576]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2009-07-02 132408]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2009-07-02 161080]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [2009-07-02 338232]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
--- Andere Dienste/Treiber im Speicher ---
*NewlyCreated* - MPKSLF7B3A8DF
*NewlyCreated* - PXKBF
*NewlyCreated* - PXRTS
*NewlyCreated* - PXSCAN
*NewlyCreated* - SSMDRV
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\XXXX.HEP\AppData\Roaming\Mozilla\Firefox\Profiles\0nvtw9va.default\
FF - prefs.js: browser.search.defaulturl - hxxp://chameleonsearch.com/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://chameleonsearch.com/websearch.php?src=tops&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Stumble Sites Add On: {7a3c530d-8cbd-e1bd-c5ba-deea92b467c1} - c:\program files\Mozilla Firefox\extensions\{7a3c530d-8cbd-e1bd-c5ba-deea92b467c1}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-QuestBrowse - c:\program files\QuestBrwSearch\uninstall.exe
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-02 16:49:41
ComboFix-quarantined-files.txt 2011-03-02 15:49
Vor Suchlauf: 8 Verzeichnis(se), 24.188.592.128 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 24.070.381.568 Bytes frei
- - End Of File - - 6C74679A75518E3F6B43912392656BFE |
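The "Zusätzlicher Suchlauf" section of the ComboFix log above contains the two lines that explain the symptom in the first post: both browser.search.defaulturl and keyword.URL in the Firefox profile point at chameleonsearch.com, so every address-bar search is routed through that host, and the Browser Helper Objects section lists a DLL loaded from System32 that the user never installed. The script below is an added example, not ComboFix's or the board's own code: it parses the "FF - prefs.js:" lines of such a log, reports any search-related preference whose host is not on a small allow-list, and inventories the BHOs for manual review. The allow-list, the preference names, and the log excerpt are constructed for this example (the excerpt mirrors the lines posted above).

```python
"""Scan a ComboFix-style log for browser search-hijack indicators.

Added example for this thread; not ComboFix's or the board's code. The
allow-list and the log excerpt below are constructed from the log posted above.
"""
from urllib.parse import urlsplit

# Hosts a search preference is allowed to point at. Anything else is reported.
# (Constructed allow-list; extend it with the engines your users actually use.)
EXPECTED_SEARCH_HOSTS = {
    "www.google.de", "www.google.com", "www.bing.com", "search.yahoo.com",
}

# Firefox preferences that decide where an address-bar search is sent. A
# hijacker that rewrites these routes every typed search through its own host.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL",
                "browser.search.selectedEngine"}

BHO_KEY_PREFIX = "[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\"

# Constructed excerpt mirroring the relevant lines of the ComboFix log above.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{704dbbed-c51b-481b-c378-2dc8f2793a43}]
2011-02-08 19:20 2121216 ----a-w- c:\windows\System32\L-0Isx_.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-24 11:45 3911776 ----a-w- c:\program files\BitTorrentBar\tbBit0.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
FF - ProfilePath - c:\users\XXXX.HEP\AppData\Roaming\Mozilla\Firefox\Profiles\0nvtw9va.default\
FF - prefs.js: browser.search.defaulturl - hxxp://chameleonsearch.com/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://chameleonsearch.com/websearch.php?src=tops&search=
"""


def refang(url):
    """ComboFix writes URLs as hxxp:// so they are not clickable; restore the scheme."""
    if url.startswith("hxxp://"):
        return "http://" + url[len("hxxp://"):]
    if url.startswith("hxxps://"):
        return "https://" + url[len("hxxps://"):]
    return url


def host_of(value):
    """Hostname of a preference value, tolerating bare hosts like www.google.de."""
    value = refang(value.strip())
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower()


def find_search_hijacks(log_text):
    """Return (pref, host) for every search preference pointing off the allow-list."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("FF - prefs.js:"):
            continue
        pref, sep, value = line[len("FF - prefs.js:"):].strip().partition(" - ")
        if not sep or pref not in SEARCH_PREFS:
            continue
        host = host_of(value)
        if host and host not in EXPECTED_SEARCH_HOSTS:
            hits.append((pref, host))
    return hits


def list_bhos(log_text):
    """Map each BHO CLSID to the DLL path ComboFix lists on the following line.

    Every entry should be something the user recognises; an unfamiliar DLL in
    System32 is worth checking before the machine is declared clean.
    """
    lines = [l.strip() for l in log_text.splitlines()]
    bhos = {}
    for i, line in enumerate(lines):
        if line.startswith(BHO_KEY_PREFIX) and line.endswith("]"):
            clsid = line[len(BHO_KEY_PREFIX):-1]
            # Detail line: "<date> <time> <size> <attrs> <path>"; the path may contain spaces.
            parts = lines[i + 1].split(None, 4) if i + 1 < len(lines) else []
            bhos[clsid] = parts[4] if len(parts) == 5 else None
    return bhos


if __name__ == "__main__":
    for pref, host in find_search_hijacks(SAMPLE_LOG):
        print(f"search pref {pref} points at {host}")
    for clsid, path in list_bhos(SAMPLE_LOG).items():
        print(f"BHO {clsid}: {path}")
```

Run against the excerpt, the script reports both search preferences pointing at chameleonsearch.com and lists the two BHOs with their DLL paths; browser.startup.homepage is left alone because it is not a search preference and points at an allow-listed host anyway.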
02.03.2011, 19:03 | #9 |
/// Malware-holic | www.directrdr.com keeps opening in Firefox Download Malwarebytes: install Malwarebytes, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. Scanner tab, full scan, remove the findings, post the log.
02.03.2011, 22:01 | #10 |
| www.directrdr.com keeps opening in Firefox Here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5935

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.03.2011 21:54:01
mbam-log-2011-03-02 (21-53-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303094
Laufzeit: 1 Stunde(n), 21 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\program files\questbrwsearch\uninstall.exe.vir (Adware.QuestBrowse) -> No action taken. |
03.03.2011, 11:19 | #11 |
/// Malware-holic | www.directrdr.com keeps opening in Firefox Were all findings removed? If not, update again, run a full scan and post the log.
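Every finding in the Malwarebytes log in #10 ends with "No action taken", which is why the helper asks in #11 whether the findings were actually removed: that log documents detections, not removals, and a system with 23 detected adware entries still present is not clean. The script below is an added example, not Malwarebytes' own code; it parses a Malwarebytes 1.x log, tallies findings per family and per action status, cross-checks the header counts against the listed findings, and answers the helper's question mechanically. The excerpt it runs on is constructed from the log above, shortened, with one file entry's status changed to a successful quarantine so that mixed outcomes are exercised.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log: what was found, and what was
done about it. Added example for this thread; not Malwarebytes' code. The
excerpt below is constructed from the log posted in #10, shortened, with one
file finding's status changed to a successful quarantine to show mixed outcomes.
"""
import re
from collections import Counter

# Header lines such as "Infizierte Registrierungsschlüssel: 21" (the log is the
# German-localised build, as posted above).
DECLARED_RE = re.compile(r"^Infizierte [^:]+: (\d+)$")

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5935
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303094
Laufzeit: 1 Stunde(n), 21 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> No action taken.

Infizierte Dateien:
c:\Qoobox\quarantine\C\program files\questbrwsearch\uninstall.exe.vir (Adware.QuestBrowse) -> Quarantined and deleted successfully.
"""


def parse_finding(line):
    """Parse one finding line into (item, family, action), or None.

    Layout: "<item> (<family>) -> [Value: <name> ->] <action>."  The last
    arrow-separated segment is the action; the first holds item and family.
    """
    segments = line.strip().split(" -> ")
    if len(segments) < 2:
        return None
    item, sep, family = segments[0].rpartition(" (")
    if not sep or not family.endswith(")"):
        return None
    return item, family[:-1], segments[-1].rstrip(".")


def parse_findings(log_text):
    return [f for f in map(parse_finding, log_text.splitlines()) if f]


def declared_total(log_text):
    """Sum of the counts Malwarebytes prints in the header block."""
    return sum(int(m.group(1)) for m in map(DECLARED_RE.match, log_text.splitlines()) if m)


def triage(log_text):
    findings = parse_findings(log_text)
    return {
        "total": len(findings),
        "by_family": Counter(family for _, family, _ in findings),
        "by_action": Counter(action for _, _, action in findings),
        # Findings still present in the registry or on disk after this run.
        "unresolved": [item for item, _, action in findings if action == "No action taken"],
        # A mismatch means the listing was truncated or the parser missed a line.
        "header_matches": len(findings) == declared_total(log_text),
    }


def needs_rescan(log_text):
    """True when the log documents detections that were not removed."""
    return bool(triage(log_text)["unresolved"])


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} findings, header matches: {report['header_matches']}")
    for family, n in report["by_family"].most_common():
        print(f"  {n:3d}  {family}")
    for action, n in report["by_action"].most_common():
        print(f"  {n:3d}  {action}")
    print("rescan needed" if needs_rescan(SAMPLE_LOG) else "all findings handled")
```

On the excerpt the script counts six findings, five of them still marked "No action taken", and reports that a rescan is needed; the second log in #12, where every count is zero and no finding lines are present, yields an empty unresolved list. Note that Malwarebytes labels the same family inconsistently ("Adware.ShopperReports" for keys, "ShopperReports" for the registry value), so the per-family tally keeps the labels as written rather than guessing at a normalisation.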
03.03.2011, 11:32 | #12 |
| www.directrdr.com keeps opening in Firefox
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5940

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.03.2011 10:11:22
mbam-log-2011-03-03 (10-11-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 281167
Laufzeit: 1 Stunde(n), 14 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I removed all findings. Did an update this morning and started a new scan.... Is there anything else I can do? Hope it runs better now... |
03.03.2011, 11:49 | #13 |
| www.directrdr.com keeps opening in Firefox Firefox is running very slowly.... |
03.03.2011, 13:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | www.directrdr.com keeps opening in Firefox Well, I'll have to point out the crossposting here as well: www.directrdr.com öffnet sich immer bei Firefox (Michael78) - Computerhilfen.de
__________________ Please always post logfiles in CODE tags |
03.03.2011, 14:54 | #15 |
/// Malware-holic | www.directrdr.com keeps opening in Firefox In which forum will you continue?