Pests of all kinds and how to fight them: Virus blocks antivirus sites, what to do? (Windows 7)

14.03.2011, 01:20 | #1
Virus blocks antivirus sites, what to do?

Hi,

First, my system: Windows XP Professional SP3

The problem is that I can't open any antivirus sites, not even Microsoft.com. I have already tested so many antivirus programs, but none of them could delete the virus.

Here is everything the virus blocks:
All vendor sites that offer antivirus programs.
At system start the loading bar takes a very long time; it also hangs once for about 10 seconds.
At every system start my Task Manager is blocked, and I have to re-enable it each time via "regedit"; there are 2 entries there: DisableTaskMgr and DisableRegistryTools

In the process list I noticed 4 things that seem strange to me:
DCService.exe
RegistryWriter.exe
jqs.exe
services.exe
spoolsv.exe

I have already run OTL, here are the logs:

OTL.txt
Code:
ATTFilter OTL logfile created on: 14.03.2011 00:44:34 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Viruskilla Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 765,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 63,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 2000 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme Drive C: | 76,68 Gb Total Space | 29,09 Gb Free Space | 37,94% Space Free | Partition Type: NTFS Computer Name: EXPENDABLE | User Name: eXpendabLe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.14 00:37:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Viruskilla\OTL.exe PRC - [2011.03.06 04:19:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) 
-- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2010.12.01 15:28:47 | 000,733,184 | --S- | M] () -- C:\WINXP\test\svchost.exe PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe PRC - [2009.01.05 15:16:12 | 000,069,632 | ---- | M] () -- C:\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe PRC - [2008.04.14 10:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe PRC - [2006.09.28 14:11:52 | 000,729,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Wireless LAN Driver and Utility\RtWLan.exe ========== Modules (SafeList) ========== MOD - [2011.03.14 00:37:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Viruskilla\OTL.exe MOD - [2008.04.14 10:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINXP\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.06.07 11:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\WINXP\System32\GameMon.des -- (npggsvc) SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.01.05 15:16:12 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe -- (RalinkRegistryWriter) ========== Driver Services (SafeList) ========== DRV - [2011.03.12 12:59:14 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINXP\system32\drivers\uzczmjuz.sys -- (uzczmjuz) DRV - [2010.09.28 16:38:52 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SoftnyxGame\WolfTeamIS\apf001.sys -- (apf001) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\hamachi.sys -- (hamachi) DRV - [2008.10.21 10:16:58 | 000,465,152 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\rt73.sys -- (RT73) DRV - [2007.09.10 12:09:20 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.09.10 12:09:18 | 000,053,504 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.06.14 15:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.09.06 04:36:42 | 000,187,392 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2005.03.16 07:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINXP\system32\drivers\BIOS.sys -- (BIOS) DRV - [2002.10.02 09:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\SjyPkt.sys -- (SjyPkt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?hl=de#restore" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.11 01:51:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.06 04:20:07 | 000,000,000 | ---D | M] [2010.12.24 19:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Mozilla\Extensions [2011.03.12 05:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Mozilla\Firefox\Profiles\woy4qm61.default\extensions [2010.12.24 21:36:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Mozilla\Firefox\Profiles\woy4qm61.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.20 02:38:12 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Mozilla\Firefox\Profiles\woy4qm61.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2010.12.24 19:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.10.30 20:43:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.03.06 04:19:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.06 04:19:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.06 04:19:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.06 04:19:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\wikipedia-de.xml [2011.03.06 04:19:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 10:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKCU..\Run: [Java(TM) Platform SA Auto Updater 2.0] C:\WINXP\test\svchost.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless LAN Utility.lnk = C:\Programme\Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.) 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Programme\Stardock\Fences\FencesMenu.dll (Stardock) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\eXpendabLe\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\eXpendabLe\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.29 12:58:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3d0f11a4-01f7-11e0-88f5-00e04d5da8fd}\Shell - "" = AutoRun O33 - MountPoints2\{3d0f11a4-01f7-11e0-88f5-00e04d5da8fd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3d0f11a4-01f7-11e0-88f5-00e04d5da8fd}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{bb7bbbf2-0637-11e0-88fb-00040efd8e0b}\Shell - "" = AutoRun O33 - MountPoints2\{bb7bbbf2-0637-11e0-88fb-00040efd8e0b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bb7bbbf2-0637-11e0-88fb-00040efd8e0b}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{bb7bbbf5-0637-11e0-88fb-00040efd8e0b}\Shell - "" = AutoRun O33 - MountPoints2\{bb7bbbf5-0637-11e0-88fb-00040efd8e0b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bb7bbbf5-0637-11e0-88fb-00040efd8e0b}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{bb7bbbf7-0637-11e0-88fb-00e04d5da8fd}\Shell - 
"" = AutoRun O33 - MountPoints2\{bb7bbbf7-0637-11e0-88fb-00e04d5da8fd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bb7bbbf7-0637-11e0-88fb-00e04d5da8fd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{bb7bbbf8-0637-11e0-88fb-00e04d5da8fd}\Shell - "" = AutoRun O33 - MountPoints2\{bb7bbbf8-0637-11e0-88fb-00e04d5da8fd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bb7bbbf8-0637-11e0-88fb-00e04d5da8fd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{bde724c3-f480-11df-88dd-002719b90b93}\Shell - "" = AutoRun O33 - MountPoints2\{bde724c3-f480-11df-88dd-002719b90b93}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bde724c3-f480-11df-88dd-002719b90b93}\Shell\AutoRun\command - "" = C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{c7187c34-23f6-11e0-8930-00e04d5da8fd}\Shell - "" = AutoRun O33 - MountPoints2\{c7187c34-23f6-11e0-8930-00e04d5da8fd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c7187c34-23f6-11e0-8930-00e04d5da8fd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c9edd6ae-0b76-11e0-8902-00e04d5da8fd}\Shell - "" = AutoRun O33 - MountPoints2\{c9edd6ae-0b76-11e0-8902-00e04d5da8fd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9edd6ae-0b76-11e0-8902-00e04d5da8fd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c9edd6b2-0b76-11e0-8902-00e04d5da8fd}\Shell - "" = AutoRun O33 - MountPoints2\{c9edd6b2-0b76-11e0-8902-00e04d5da8fd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9edd6b2-0b76-11e0-8902-00e04d5da8fd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - 
File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: ndgfwt - C:\WINXP\system32\xupixge.dll () MsConfig - Services: "Hamachi2Svc" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GamersFirst LIVE!.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TL-WN321G Wireless Utility.lnk - C:\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe - () MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINXP\Alcmtr.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: DWQueuedReporting - hkey= - key= - C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) MsConfig - StartUpReg: Google Update - hkey= - key= - File not found MsConfig - StartUpReg: Java(TM) Platform SA Auto Updater 2.0 - hkey= - key= - C:\WINXP\test\svchost.exe () MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
MsConfig - StartUpReg: MSConfig - hkey= - key= - C:\WINXP\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation) MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Programme\NVIDIA Corporation\nView\nwiz.exe () MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINXP\RTHDCPL.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINXP\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2011.03.12 13:18:08 | 000,000,000 | ---D | C] -- C:\Avenger [2011.03.12 12:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Viruskilla [2011.03.12 05:22:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Recent [2011.03.08 03:24:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\GMTOOL [2011.03.06 03:35:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Flyff [2011.03.06 03:09:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi [2011.03.06 
03:09:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi [2011.03.06 03:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LogMeIn Hamachi [2011.03.06 03:08:46 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi [2011.03.06 03:04:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Destiny [2011.03.06 02:05:03 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Ambient FlyFF [2011.02.28 02:21:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Sora No Shinsei [2011.02.20 13:59:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Startmenü\Programme\Counter-Strike Source 2010 [2011.02.20 07:13:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\CSS [2011.02.20 02:54:56 | 000,000,000 | ---D | C] -- C:\WINXP\Minidump [2011.02.20 02:38:13 | 000,000,000 | ---D | C] -- C:\Programme\Vuze [2011.02.20 02:38:08 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2011.02.20 02:38:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Lokale Einstellungen\Anwendungsdaten\Vuze_Remote [2011.02.20 02:38:01 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine [2011.02.20 02:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Lokale Einstellungen\Anwendungsdaten\ConduitEngine [2011.02.20 02:37:58 | 000,000,000 | ---D | C] -- C:\Programme\Vuze_Remote [2011.02.15 13:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Manic Digger [2011.02.12 02:06:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\eXpendabLe\Eigene Dateien\My Cheat Tables [2011.02.12 02:06:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cheat Engine 6.0 [2011.02.12 02:05:58 | 000,000,000 | ---D | C] -- 
C:\Programme\Cheat Engine 6 [3 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ] [2 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.14 00:45:31 | 000,525,736 | ---- | M] () -- C:\WINXP\System32\perfh007.dat [2011.03.14 00:45:31 | 000,500,942 | ---- | M] () -- C:\WINXP\System32\perfh009.dat [2011.03.14 00:45:31 | 000,086,952 | ---- | M] () -- C:\WINXP\System32\perfc009.dat [2011.03.14 00:45:30 | 000,104,528 | ---- | M] () -- C:\WINXP\System32\perfc007.dat [2011.03.14 00:41:15 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2011.03.13 12:16:14 | 000,365,513 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe [2011.03.13 02:00:08 | 000,000,356 | ---- | M] () -- C:\WINXP\tasks\AdobeAAMUpdater-1.0-EXPENDABLE-eXpendabLe.job [2011.03.12 12:59:14 | 000,011,264 | ---- | M] () -- C:\WINXP\System32\drivers\uzczmjuz.sys [2011.03.12 00:53:04 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2011.03.06 01:24:55 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\eXpendabLe\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.28 03:37:21 | 000,030,864 | ---- | M] () -- C:\Dokumente und Einstellungen\eXpendabLe\Eigene Dateien\CssBild.JPG [2011.02.28 02:39:29 | 000,194,048 | ---- | M] () -- C:\WINXP\System32\inject.dll [2011.02.27 02:11:42 | 000,001,861 | ---- | M] () -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Counter Strike Source 2010.lnk [2011.02.26 04:25:11 | 000,270,142 | ---- | M] () -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Minecraft.exe [2011.02.17 21:34:35 | 000,000,132 | ---- | M] () -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Adobe PNG Format CS5 Prefs [3 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ] [2 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.13 12:16:23 | 000,365,513 | 
---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe [2011.03.12 12:54:11 | 000,011,264 | ---- | C] () -- C:\WINXP\System32\drivers\uzczmjuz.sys [2011.03.06 01:24:55 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\eXpendabLe\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.28 03:37:21 | 000,030,864 | ---- | C] () -- C:\Dokumente und Einstellungen\eXpendabLe\Eigene Dateien\CssBild.JPG [2011.02.20 13:59:04 | 000,001,861 | ---- | C] () -- C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Counter Strike Source 2010.lnk [2011.02.20 02:38:40 | 000,001,469 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vuze.lnk [2010.12.27 20:22:55 | 000,075,776 | ---- | C] () -- C:\WINXP\System32\WS2Fix.exe [2010.12.27 20:22:54 | 000,051,200 | ---- | C] () -- C:\WINXP\System32\dumphive.exe [2010.12.27 20:22:54 | 000,040,960 | ---- | C] () -- C:\WINXP\System32\swsc.exe [2010.12.26 19:12:02 | 000,012,920 | ---- | C] () -- C:\WINXP\System32\apl001.sys [2010.12.26 19:12:02 | 000,010,872 | ---- | C] () -- C:\WINXP\System32\apf001.sys [2010.12.24 21:33:52 | 000,000,130 | ---- | C] () -- C:\WINXP\aspack.ini [2010.12.24 19:33:15 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat [2010.12.22 14:13:49 | 000,194,048 | ---- | C] () -- C:\WINXP\System32\inject.dll [2010.12.07 12:43:50 | 000,097,312 | ---- | C] () -- C:\WINXP\System32\drivers\Fwusb1b.bin [2010.12.05 16:22:34 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Adobe PNG Format CS5 Prefs [2010.11.22 13:10:22 | 000,010,752 | ---- | C] () -- C:\WINXP\System32\BASSMOD.dll [2010.11.17 12:40:52 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat [2010.11.07 00:43:57 | 000,001,146 | ---- | C] () -- C:\WINXP\Settings.ini [2010.10.29 18:14:11 | 000,052,836 | ---- | C] () -- C:\WINXP\System32\zlib1.dll [2010.10.29 18:14:08 | 000,162,304 | ---- | C] () -- 
C:\WINXP\System32\libpng13.dll [2010.10.29 18:14:07 | 000,394,752 | ---- | C] () -- C:\WINXP\System32\cygwinb19.dll [2010.10.29 18:14:05 | 001,199,179 | ---- | C] () -- C:\WINXP\unins001.exe [2010.10.29 18:14:05 | 000,009,851 | ---- | C] () -- C:\WINXP\unins001.dat [2010.10.29 18:13:59 | 000,709,719 | ---- | C] () -- C:\WINXP\unins000.exe [2010.10.29 18:13:59 | 000,007,889 | ---- | C] () -- C:\WINXP\unins000.dat [2010.10.29 18:06:08 | 000,164,064 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.10.29 14:55:29 | 000,240,592 | ---- | C] () -- C:\WINXP\System32\nvdrsdb0.bin [2010.10.29 14:55:26 | 000,240,592 | ---- | C] () -- C:\WINXP\System32\nvdrsdb1.bin [2010.10.29 14:55:26 | 000,000,001 | ---- | C] () -- C:\WINXP\System32\nvdrssel.bin [2010.10.29 14:54:50 | 002,293,194 | ---- | C] () -- C:\WINXP\System32\nvdata.bin [2010.10.29 13:49:11 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI [2010.10.29 13:47:46 | 003,406,000 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT [2010.10.29 13:39:21 | 000,049,152 | ---- | C] () -- C:\WINXP\System32\ChCfg.exe [2010.10.29 13:34:08 | 000,001,732 | R--- | C] () -- C:\WINXP\System32\drivers\nvphy.bin [2010.10.29 13:02:24 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat [2010.10.29 12:54:23 | 000,021,740 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat [2008.04.14 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin [2008.04.14 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat [2008.04.14 10:00:00 | 000,525,736 | ---- | C] () -- C:\WINXP\System32\perfh007.dat [2008.04.14 10:00:00 | 000,500,942 | ---- | C] () -- C:\WINXP\System32\perfh009.dat [2008.04.14 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat [2008.04.14 10:00:00 | 000,269,480 | ---- | C] () -- C:\WINXP\System32\perfi007.dat [2008.04.14 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat [2008.04.14 10:00:00 | 
000,166,048 | RHS- | C] () -- C:\WINXP\System32\xupixge.dll
[2008.04.14 10:00:00 | 000,104,528 | ---- | C] () -- C:\WINXP\System32\perfc007.dat
[2008.04.14 10:00:00 | 000,086,952 | ---- | C] () -- C:\WINXP\System32\perfc009.dat
[2008.04.14 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin
[2008.04.14 10:00:00 | 000,034,478 | ---- | C] () -- C:\WINXP\System32\perfd007.dat
[2008.04.14 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat
[2008.04.14 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat
[2008.04.14 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat
[2008.04.14 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\Dcache.bin
[2008.04.14 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat
[2007.09.11 15:28:00 | 000,286,720 | ---- | C] () -- C:\WINXP\System32\nvnt4cpl.dll
========== LOP Check ==========
[2010.12.19 14:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2010.11.26 15:12:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.12.24 01:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.11.22 13:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screaming Bee
[2010.10.29 13:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK Driver
[2011.02.03 15:40:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2011.02.12 04:21:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\.minecraft
[2011.03.12 05:22:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Azureus
[2010.11.03 17:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\CreeperWorld
[2010.10.29 14:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1
[2010.11.04 18:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\CreeperWorld.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2010.12.28 23:46:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Dev-Cpp
[2010.11.25 13:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.02.16 18:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\FileZilla
[2010.11.20 09:56:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\KillProcess
[2010.10.29 16:23:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\LolClient
[2010.11.20 23:57:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Nexon
[2010.11.22 13:12:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Screaming Bee
[2010.12.04 15:35:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.02.03 15:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\Stardock
[2010.12.04 15:45:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\TeamViewer
[2010.12.04 10:31:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\eXpendabLe\Anwendungsdaten\TS3Client
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.12.21 13:47:55 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32
[2010.12.16 00:22:37 | 000,000,000 | ---D | M] -- C:\076373028e092ec4ac7a6548658eb64d
[2011.01.02 04:43:34 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2011.03.12 13:19:28 | 000,000,000 | ---D | M] -- C:\Avenger
[2010.10.29 13:04:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.11.24 18:18:03 | 000,000,000 | ---D | M] -- C:\Fraps
[2010.10.29 14:53:53 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.10.29 14:47:01 | 000,000,000 | ---D | M] -- C:\Postinstall
[2010.10.31 08:16:16 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.03.12 13:18:08 | 000,000,000 | ---D | M] -- C:\Programme
[2010.10.29 13:36:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.01.05 15:37:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.14 00:41:33 | 000,000,000 | ---D | M] -- C:\WINXP
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2008.04.14 10:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\explorer.exe
[2008.04.14 10:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\system32\dllcache\explorer.exe
< MD5 for: USERINIT.EXE >
[2008.04.14 10:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\dllcache\userinit.exe
[2008.04.14 10:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 10:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\dllcache\winlogon.exe
[2008.04.14 10:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Extras.txt
Code:
OTL Extras logfile created on: 14.03.2011 00:44:35 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\eXpendabLe\Desktop\Viruskilla
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
765,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 76,68 Gb Total Space | 29,09 Gb Free Space | 37,94% Space Free | Partition Type: NTFS
Computer Name: EXPENDABLE | User Name: eXpendabLe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"59161:TCP" = 59161:TCP:*:Enabled:Pando Media Booster
"59161:UDP" = 59161:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59161:TCP" = 59161:TCP:*:Enabled:Pando Media Booster
"59161:UDP" = 59161:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"6892:TCP" = 6892:TCP:*:Enabled:League of Legends Launcher
"6892:UDP" = 6892:UDP:*:Enabled:League of Legends Launcher
"6959:TCP" = 6959:TCP:*:Enabled:League of Legends Launcher
"6959:UDP" = 6959:UDP:*:Enabled:League of Legends Launcher
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"6884:TCP" = 6884:TCP:*:Enabled:League of Legends Launcher
"6884:UDP" = 6884:UDP:*:Enabled:League of Legends Launcher
"6995:TCP" = 6995:TCP:*:Enabled:League of Legends Launcher
"6995:UDP" = 6995:UDP:*:Enabled:League of Legends Launcher
"6898:TCP" = 6898:TCP:*:Enabled:League of Legends Launcher
"6898:UDP" = 6898:UDP:*:Enabled:League of Legends Launcher
"6890:TCP" = 6890:TCP:*:Enabled:League of Legends Launcher
"6890:UDP" = 6890:UDP:*:Enabled:League of Legends Launcher
"6948:TCP" = 6948:TCP:*:Enabled:League of Legends Launcher
"6948:UDP" = 6948:UDP:*:Enabled:League of Legends Launcher
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"6963:TCP" = 6963:TCP:*:Enabled:League of Legends Launcher
"6963:UDP" = 6963:UDP:*:Enabled:League of Legends Launcher
"4893:TCP" = 4893:TCP:*:Enabled:byzkhwd
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6919:TCP" = 6919:TCP:*:Enabled:League of Legends Launcher
"6919:UDP" = 6919:UDP:*:Enabled:League of Legends Launcher
"1117:TCP" = 1117:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Raptr\raptr.exe" = C:\Programme\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Programme\Raptr\raptr_im.exe" = C:\Programme\Raptr\raptr_im.exe:*:Enabled:Raptr IM
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = Wireless LAN Driver and Utility
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoItv3" = AutoIt v3.3.6.1
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"conduitEngine" = Conduit Engine
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.3.5.1
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"LogMeIn Hamachi" = LogMeIn Hamachi
"M928366" = 
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Neffy" = Neffy 1,3,29,0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.7
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WolfTeam International_is1" = WolfTeam International
"WolfTeam-DE" = WolfTeam-DE
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.12.2010 12:31:34 | Computer Name = 192-168-178-20 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt> with error: This network connection does not exist.
Error - 06.12.2010 12:31:34 | Computer Name = 192-168-178-20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error - 10.12.2010 17:32:35 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application hwidgen.exe, version 0.0.0.0, faulting module hwidgen.exe, version 0.0.0.0, fault address 0x00003a9e.
Error - 20.12.2010 14:26:07 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application wtp_trial.exe, version 0.0.0.0, faulting module wtp_trial.exe, version 0.0.0.0, fault address 0x00389a87.
Error - 20.12.2010 14:26:29 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application wtp_trial.exe, version 0.0.0.0, faulting module wtp_trial.exe, version 0.0.0.0, fault address 0x00389a87.
Error - 22.12.2010 09:12:45 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application un-pecompact 0.1b.exe, version 0.0.0.0, faulting module un-pecompact 0.1b.exe, version 0.0.0.0, fault address 0x000015e3.
Error - 22.12.2010 11:50:15 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Error - 22.12.2010 12:01:59 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Error - 23.12.2010 10:20:28 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application wolfteam.bin, version 1.0.0.1, faulting module , version 0.0.0.0, fault address 0x00000000.
Error - 26.12.2010 19:40:00 | Computer Name = 192-168-178-20 | Source = Application Error | ID = 1000
Description = Faulting application warrock.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >

But when I tried to run GMER, I followed the instructions exactly and clicked Scan, and after about a minute it scanned something that crashed my PC: a message appeared saying that something had terminated a process required by the system and that the system had to shut down, with a one-minute countdown until the system shut down automatically. I hope you can help me, as I have already tried everything but without success. Regards, Marvin |
14.03.2011, 11:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus blocks antivirus sites, what to do? Hi,
What about Malwarebytes? Does that tool run? |
15.03.2011, 02:01 | #3 |
| Virus blocks antivirus sites, what to do? First of all, thanks for the reply, I'll test it right away.
EDIT: Malwarebytes found 13 items, which I of course all removed. Here is the log:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6058
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
15.03.2011 02:21:07
mbam-log-2011-03-15 (02-21-07).txt
Scan type: Quick scan
Objects scanned: 141106
Time elapsed: 9 minute(s), 58 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
c:\WINXP\test\svchost.exe (Backdoor.Bot) -> 540 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java(TM) Platform SA Auto Updater 2.0 (Backdoor.Bot) -> Value: Java(TM) Platform SA Auto Updater 2.0 -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINXP\test\svchost.exe (Backdoor.Bot) -> Delete on reboot.
c:\WINXP\system32\xupixge.dll (Worm.Conficker) -> Delete on reboot.
c:\WINXP\system32\01.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\WINXP\system32\inject.dll (Trojan.Injector) -> Quarantined and deleted successfully.
c:\WINXP\system32\winsec.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\expendable\eigene dateien\downloads\svchost.exe.txt (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

EDIT²: OK, I can now reach antivirus sites and Microsoft again. A big thank you for that already! But now my question about the processes mentioned in the first post above: they still exist. And my Task Manager is still disabled after every system start. I hope you can help me with that too. Regards, Marvin
Last edited by eXpendabLe (15.03.2011 at 02:37). Reason: Update |
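The two logs above show the pattern in its raw form. The Extras.txt dump has every Security Center notification switched off (AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify all set to 1), the Windows Firewall disabled in both profiles, and a globally open port 4893/TCP whose description ("byzkhwd") is a random string rather than a product name; the OTL file list has a hidden, system, read-only DLL with no company name sitting in System32 (xupixge.dll); and Malwarebytes then found the backdoor running as c:\WINXP\test\svchost.exe, a system binary name in the wrong directory, with a Run-key entry posing as a Java updater. The following Python script is an added example written for this thread, not a tool from the forum or from OTL or Malwarebytes: it parses text in OTL's own one-value-per-line layout and applies those four checks. The sample input is constructed from the entries above (the date on the xupixge.dll line is a placeholder, since the thread only shows the tail of that entry), the random-name test is a deliberately simple heuristic, and the system root is assumed to be C:\WINXP as in the log.

```python
"""Triage of OTL Extras / file-list text for signs of security tampering.

Added example for this thread; not a tool from the forum, OTL or Malwarebytes.
The input below is constructed text modelled on the logs posted above.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in OTL's one-value-per-line layout, a subset of the
# Extras.txt entries in the thread (the real dump has many more exceptions).
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"59161:TCP" = 59161:TCP:*:Enabled:Pando Media Booster
"4893:TCP" = 4893:TCP:*:Enabled:byzkhwd
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"""

# Constructed sample of OTL file-list lines; <date> is a placeholder because the
# thread only shows the tail of the xupixge.dll entry.
SAMPLE_FILES = r"""
[<date> | 000,166,048 | RHS- | C] () -- C:\WINXP\System32\xupixge.dll
[2008.04.14 10:00:00 | 000,104,528 | ---- | C] () -- C:\WINXP\System32\perfc007.dat
[2010.10.29 13:36:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# [date | size | attrs | C/M] (company) -- path   (directory lines carry no company field)
FILE_RE = re.compile(r"^\[[^|]+\|[^|]+\|\s*([-A-Z]{4})\s*\|\s*[CM]\]\s*(?:\(([^)]*)\)\s*)?--\s*(.+)$")

NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "spoolsv.exe"}


def parse_otl_registry(text: str) -> Dict[Tuple[str, str], str]:
    """Map (key path, value name) -> value string from an OTL registry section."""
    values: Dict[Tuple[str, str], str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            values[(key, m.group(1))] = m.group(2).strip()
    return values


def weakened_settings(values: Dict[Tuple[str, str], str]) -> List[str]:
    """Security Center warnings suppressed, or a firewall profile switched off."""
    findings = []
    for (key, name), val in values.items():
        if key.endswith(r"\Security Center") and name in NOTIFY_VALUES and val == "1":
            findings.append(f"Security Center: {name}=1 (user is no longer warned)")
        elif name == "EnableFirewall" and val == "0":
            findings.append(f"Firewall disabled: {key}")
    return findings


def looks_random(description: str) -> bool:
    """Heuristic: one run of 5+ lowercase letters with at most one vowel (e.g. 'byzkhwd').
    Legitimate exception names are product names or @dll,-id resource references."""
    return bool(re.fullmatch(r"[a-z]{5,}", description)) and sum(c in "aeiou" for c in description) <= 1


def suspicious_port_exceptions(values: Dict[Tuple[str, str], str]) -> List[str]:
    """Globally open ports reachable from any host and registered under a random-looking name."""
    out = []
    for (key, _name), val in values.items():
        if not key.endswith(r"GloballyOpenPorts\List"):
            continue
        parts = val.split(":", 4)  # port:proto:scope:state:description
        if len(parts) != 5:
            continue
        port, proto, scope, state, desc = parts
        if state == "Enabled" and scope == "*" and looks_random(desc):
            out.append(f"{port}/{proto} open to any host for '{desc}'")
    return out


def masquerading(paths: List[str], system_root: str = r"C:\WINXP") -> List[str]:
    """System-binary names living outside %SystemRoot%/system32; the name alone is not a finding."""
    expected = (system_root + r"\system32").lower()
    out = []
    for p in paths:
        directory, _, name = p.rpartition("\\")
        if name.lower() in SYSTEM_BINARIES and directory.lower() != expected:
            out.append(p)
    return out


def hidden_system_files(text: str, system_root: str = r"C:\WINXP") -> List[str]:
    """Files under System32 carrying hidden+system attributes with no company name."""
    sys32 = (system_root + r"\System32").lower() + "\\"
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attrs, company, path = m.group(1), (m.group(2) or "").strip(), m.group(3).strip()
        if ("D" not in attrs and "H" in attrs and "S" in attrs
                and not company and path.lower().startswith(sys32)):
            out.append(path)
    return out


def triage(extras_text: str, files_text: str, process_paths: List[str]) -> List[str]:
    values = parse_otl_registry(extras_text)
    return (weakened_settings(values) + suspicious_port_exceptions(values)
            + [f"System binary outside system32: {p}" for p in masquerading(process_paths)]
            + [f"Hidden/system file without company name: {p}" for p in hidden_system_files(files_text)])


if __name__ == "__main__":
    # Process paths as the Malwarebytes log reported them, plus the legitimate one.
    for finding in triage(SAMPLE_EXTRAS, SAMPLE_FILES,
                          [r"c:\WINXP\test\svchost.exe", r"C:\WINXP\system32\svchost.exe"]):
        print(finding)
```

The path check is the important one: services.exe and spoolsv.exe from the first post are legitimate names, and what made the Malwarebytes hit a finding was the directory (C:\WINXP\test), not the name, so the check compares the full path against %SystemRoot%\system32 instead of matching on names. Output from a heuristic like this is a list of places to look in the registry and on disk, not a verdict.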
15.03.2011, 11:17 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus blocks antivirus sites, what to do? Quote:
Remember that Malwarebytes must be updated manually before every scan! If logs from older scans with Malwarebytes exist, please post all of those as well!
Please always post logfiles in CODE tags |