| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.03.2011, 16:32
| #1 |
 |  Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Hallo ihr Leute  ich hoffe Ihr seid gut drauf und könnt mir mit meinem Problem helfen, ich hab leider keine Erfahrung mit bzw Ahnung von sowas und bin ziemlich überfordert QQ... zwar gibt es hier am TB schon ähnliche Threads, aber mit den dort angebotenen Lösungen kann ich leider nichts anfangen. Ausserdem wollte ich auch nicht einfach was nachmachen, was ich nicht verstehe und das nicht 100% sicher auch hilft (frei nach Schritt 1 der Foren-Regeln) :/ Zum Problem: Windows Defender hat folgenden Fund gemeldet: Backdoor:Win32/Cycbot.B Ressourcen: file: (ist das der Fundort?) C:\Users\Admin\AppData\Roaming\Microsoft\conhost.exe Symptome: Mein Laptop läuft in letzter Zeit suuuperlangsam und erhitzt sehr schnell. Ich habe die empfohlenen scans gemacht (OTL und gmer. also dass, was die load.exe liefert). Zusätzlich habe ich auch noch einen Quickscan mit malwarebytes gemacht und die Funde gelöscht (so wie in der ANleitung vom TB). Alle log-dateien sind im angehängten .zip Für den schnellen Überblick lasse ich die malwarebytes-log zusätzlich hier stehen (der Rest hätte nicht mehr gepasst). Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6049 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 14.03.2011 15:46:07 mbam-log-2011-03-14 (15-46-07).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 157303 Laufzeit: 9 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> 3936 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Value: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Desktop SMS (Worm.P2P) -> Value: Desktop SMS -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\IDM\desktop sms\desktopsms.exe (Worm.P2P) -> Quarantined and deleted successfully. Ich hoffe das war nicht zuviel des Guten bzw. Schlechten und es kann jemand was damit anfangen... was kann ich tun, um den Trojaner wieder los zu werden? Wird mein Laptop wieder sicher, sodass ich damit wieder email, ebay, banking usw gefahrlos nutzen kann? Schonmal vielen Dank im Voraus für eure Hilfe. Beste Grüße, Conny |
|
14.03.2011, 19:01
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderZitat:
 Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
|
14.03.2011, 21:58
| #3 | |
| | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderZitat:
Habe MBAM nochmals aktualisiert und den Vollscan machen lassen. Die 2 Funde wie in der TB Anleitung beschrieben gelöscht. log des Vollscans: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6056 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 14.03.2011 21:51:59 mbam-log-2011-03-14 (21-51-59).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 307287 Laufzeit: 1 Stunde(n), 26 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. Ende des logs. Ist das die Information, die Du meintest? Beste Grüße, Conny |
|
15.03.2011, 11:00
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.03.2011, 14:11
| #5 | |
| | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderZitat:
Habe mir das Programm neulich erst heruntergeladen, von daher gibt es auch keine älteren logs - falls Du sowas in der Art meintest. Vielen Dank für die Mühe Gruß, Conny |
|
15.03.2011, 16:15
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderZitat:
Verwende bitte die Windows-Firewall. Mach nach der Deinstallation von ZoneAlarm neue Log mit der OTL.exe und poste sie.
__________________ --> Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender |
|
15.03.2011, 21:51
| #7 | |
| | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderZitat:
Okay, ZA ist deinstalliert. Hier nun die neuen OTL-logs, erstellt nach der Anleitung aus deinem link:OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.03.2011 21:30:34 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Admin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 38,00% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,22 Gb Total Space | 28,12 Gb Free Space | 37,88% Space Free | Partition Type: NTFS Drive E: | 73,36 Gb Total Space | 40,82 Gb Free Space | 55,64% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe () PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Eraser\Eraser.exe (The Eraser Project) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.) PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe () PRC - C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Adobe\Acrobat 5.0\Distillr\acrotray.exe (Adobe Systems Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TOSHIBA Bluetooth Service) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (ATI Technologies, Inc.) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION) DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {3160baf9-cf68-48ec-9076-faed7ce49467} - C:\Programme\dict.cc\tbdic1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61354 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531}:1.4.1 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4 FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.18 13:33:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.15 18:47:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.09 18:18:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.30 18:08:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.09.11 09:51:37 | 000,000,000 | ---D | M] [2008.09.01 12:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.03.15 18:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions [2010.02.26 01:27:16 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2008.09.02 17:20:00 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531} [2010.09.26 18:44:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.08.02 15:09:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.02.26 01:27:18 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2009.07.25 21:46:53 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011.03.08 14:24:21 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.01.17 14:41:40 | 000,000,943 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\conduit.xml [2011.03.09 23:18:33 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-1.xml [2009.07.20 10:38:00 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-2.xml [2009.07.24 18:44:02 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-3.xml [2009.08.05 21:21:51 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-4.xml [2009.09.24 18:56:49 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-5.xml [2009.10.29 23:52:25 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-6.xml [2010.06.09 21:17:30 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-7.xml [2010.12.23 02:55:24 | 000,000,950 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin-8.xml [2009.07.13 16:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\searchplugins\icqplugin.xml [2011.03.15 18:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.19 19:52:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.03.26 13:42:58 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2009.03.26 13:42:59 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2009.09.03 17:37:47 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY [2009.07.19 19:52:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2009.04.18 13:33:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2010.06.09 18:18:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.09 18:18:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.09 18:18:12 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.09 18:18:12 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.09 18:18:12 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.09 16:50:25 | 000,431,225 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14845 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx () O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (dict.cc Toolbar) - {3160baf9-cf68-48ec-9076-faed7ce49467} - C:\Programme\dict.cc\tbdic1.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (dict.cc Toolbar) - {3160baf9-cf68-48ec-9076-faed7ce49467} - C:\Programme\dict.cc\tbdic1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (dict.cc Toolbar) - {3160BAF9-CF68-48EC-9076-FAED7CE49467} - C:\Programme\dict.cc\tbdic1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe () O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [TOSCDSPD] File not found O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\Shell\AutoRun\command - "" = b3b9u.com O33 - MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\Shell\explore\Command - "" = b3b9u.com O33 - MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\Shell\open\Command - "" = b3b9u.com O33 - MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\Shell\AutoRun\command - "" = b3b9u.com O33 - MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\Shell\explore\Command - "" = b3b9u.com O33 - MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\Shell\open\Command - "" = b3b9u.com O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.15 21:19:10 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.03.15 16:14:24 | 000,000,000 | ---D | C] -- C:\Programme\Activision [2011.03.14 13:38:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.14 13:37:12 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.03.14 13:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.14 13:24:16 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Admin\Desktop\Erunt-setup.exe [2011.03.14 13:24:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.03.14 13:24:16 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe [2011.03.10 02:25:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2011.03.10 02:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.10 02:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.10 02:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.10 02:25:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.10 02:25:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.10 01:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\MigWiz [2011.03.09 16:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DllCure [2011.03.09 16:40:11 | 000,000,000 | ---D | C] -- C:\Programme\DLL Cure [2011.03.09 15:34:51 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 15:34:50 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 15:34:50 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 15:34:50 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.08 14:25:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\ForceField Shared Files [2011.03.08 14:25:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\CheckPoint [2011.03.08 14:24:09 | 000,000,000 | ---D | C] -- C:\Programme\ZoneAlarm-Sicherheit [2011.03.08 14:22:55 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2011.03.08 14:22:50 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll [2011.03.08 14:22:06 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011.02.24 12:47:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.24 12:44:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.24 12:43:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.24 12:43:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.24 12:43:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.24 12:43:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.24 12:43:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.24 12:43:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.24 12:43:53 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.24 12:43:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.24 12:43:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.24 12:43:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.24 12:43:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.24 12:43:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.24 12:43:36 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.24 12:43:36 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.24 12:43:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll ========== Files - Modified Within 30 Days ========== [2011.03.15 21:25:45 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job [2011.03.15 21:25:41 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.03.15 21:25:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.15 21:25:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.15 21:25:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.03.15 21:25:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.15 21:25:14 | 2143,764,480 | -HS- | M] () -- C:\hiberfil.sys [2011.03.15 14:03:05 | 000,003,304 | ---- | M] () -- C:\Users\Admin\Desktop\mbam.zip [2011.03.14 16:22:37 | 000,035,849 | ---- | M] () -- C:\Users\Admin\Desktop\logfiles.zip [2011.03.14 16:21:57 | 000,035,849 | ---- | M] () -- C:\Users\Admin\Desktop\Desktop.zip [2011.03.14 13:37:13 | 000,000,738 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk [2011.03.14 13:37:13 | 000,000,719 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk [2011.03.14 13:24:21 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Admin\Desktop\Erunt-setup.exe [2011.03.14 13:24:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.03.14 13:24:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe [2011.03.14 13:24:17 | 000,296,448 | ---- | M] () -- C:\Users\Admin\Desktop\g2m3e4r.exe [2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Users\Admin\Desktop\Anleitung.html [2011.03.13 12:16:14 | 000,365,513 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe [2011.03.10 02:25:31 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.09 16:50:25 | 000,431,225 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.03.09 16:40:12 | 000,000,802 | ---- | M] () -- C:\Users\Admin\Desktop\DLL Cure.lnk [2011.03.09 14:56:20 | 000,000,680 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2011.03.08 13:57:57 | 000,430,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110309-165025.backup [2011.03.07 19:53:47 | 000,003,216 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\BEBE.C68 [2011.03.06 10:52:45 | 000,430,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110308-135757.backup [2011.02.18 17:28:58 | 000,046,592 | ---- | M] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll [2011.02.16 22:15:58 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.16 22:15:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.16 22:15:58 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.16 22:15:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2011.03.15 14:03:05 | 000,003,304 | ---- | C] () -- C:\Users\Admin\Desktop\mbam.zip [2011.03.14 16:22:37 | 000,035,849 | ---- | C] () -- C:\Users\Admin\Desktop\logfiles.zip [2011.03.14 16:21:57 | 000,035,849 | ---- | C] () -- C:\Users\Admin\Desktop\Desktop.zip [2011.03.14 13:37:13 | 000,000,738 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk [2011.03.14 13:37:13 | 000,000,719 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk [2011.03.14 13:24:16 | 000,296,448 | ---- | C] () -- C:\Users\Admin\Desktop\g2m3e4r.exe [2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Users\Admin\Desktop\Anleitung.html [2011.03.13 12:16:23 | 000,365,513 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe [2011.03.10 02:25:31 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.09 16:40:12 | 000,000,802 | ---- | C] () -- C:\Users\Admin\Desktop\DLL Cure.lnk [2011.03.07 00:37:11 | 000,003,216 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\BEBE.C68 [2011.02.24 12:43:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.24 12:43:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.24 12:43:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.10.28 13:30:05 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2010.10.18 05:17:58 | 000,113,436 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.03.05 19:53:11 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll [2009.10.19 21:18:21 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png [2009.09.18 18:18:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.18 18:18:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.09 12:17:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.03.26 13:42:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.03.25 22:42:43 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini [2008.12.04 21:30:19 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2008.11.04 10:46:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.03 14:03:31 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2008.09.18 12:02:31 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.09.07 03:11:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.04 15:01:41 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll [2008.09.04 15:01:35 | 000,077,824 | ---- | C] () -- C:\Windows\System32\adistres.dll [2008.09.03 00:50:05 | 000,000,016 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.09.03 00:50:05 | 000,000,016 | -H-- | C] () -- C:\Users\Admin\AppData\Local\mxfilerelatedcache.mxc2 [2008.09.03 00:29:22 | 000,044,544 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.22 16:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.07.12 20:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat [2007.07.12 20:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat [2007.07.12 20:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2007.07.12 20:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2007.07.12 09:54:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.07.12 09:54:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.07.12 09:54:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.07.12 09:45:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.07.12 09:45:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.07.12 09:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.07.12 09:45:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.07.12 09:45:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.07.12 09:45:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.07.12 09:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007.06.25 19:34:26 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2007.04.16 07:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.04.16 07:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007.04.16 06:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007.04.16 06:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007.04.16 06:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007.04.16 06:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007.04.16 06:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.04.16 05:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll [2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,303,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2008.11.13 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe_Limited [2009.06.21 13:38:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon [2011.03.08 14:25:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CheckPoint [2010.09.26 18:44:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.08 16:59:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gnupg [2009.07.17 11:01:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GrabPro [2009.09.27 20:17:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2008.09.29 13:50:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2009.07.24 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Inkscape [2008.09.04 15:00:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterTrust [2008.09.02 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2010.10.15 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LolClient [2009.03.10 00:28:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2009.07.17 11:07:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit [2009.10.19 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking [2008.09.18 12:02:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft [2009.03.25 22:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SteelBytes [2008.11.04 10:46:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2009.02.19 14:31:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Toshiba [2011.03.03 02:01:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TrueCrypt [2011.02.14 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client [2008.11.08 19:39:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2009.03.14 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView [2011.03.15 21:25:41 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.03.15 21:24:23 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.03.2011 21:30:34 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 38,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 28,12 Gb Free Space | 37,88% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 40,82 Gb Free Space | 55,64% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03932EC0-1315-486D-B9E4-DAC91915097F}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher |
"{43FEDDAF-FA8C-4CD6-9186-8348587CA56F}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{479D97FE-4360-405B-900C-2AD9BE4AE0CA}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{4B9F0F5F-F3B5-4E4A-BF74-D3DC337913AC}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{520E7572-313A-4DE3-A036-3D4CE605CE21}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{5EB9C61B-835E-4CBF-A0F9-C882D9DCE338}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher |
"{6CE8DE00-7B1F-4C7B-A8DC-C8D7654D9FA9}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher |
"{71521633-EFB6-41C1-928F-FD178C259418}" = lport=6945 | protocol=6 | dir=in | name=league of legends launcher |
"{73743D11-9D2C-42F8-9C7E-A0E3A7B508F9}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{848545AA-687F-45E9-8FB6-2E0C7E35D8ED}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher |
"{938080C8-E20E-42B5-872B-D2DB2F16E59E}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{D0F0B963-2EEA-4897-8382-4A060AAC43C2}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{F131CD7D-15BA-4305-B899-6193D06E4F27}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{F2646BB7-4779-4709-8312-F7595177106A}" = lport=6945 | protocol=17 | dir=in | name=league of legends launcher |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C8A731-08C8-42C9-89B2-D412CE387367}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{05DEBBB7-492A-4EB6-A957-69B1C1FE3961}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{068BE654-CD63-4A6C-8D1E-B1CA0A50C699}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C9A1343-308D-407D-88A0-A020C2D4016F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CBB4449-DA45-4BDC-B523-C19A0DD53782}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11D918D6-B4C7-41B4-90F7-F3CAB5609E32}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{134FB3CA-3A90-40A9-9B5E-26151DA94901}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1BE09BE7-49BD-457C-9B90-501F1F06B74B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D323C21-3199-45F9-9F35-6FFCEC628E16}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1E28EDCA-76A5-4F6F-AE41-071E96BD5A7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F339380-8F8A-4F2F-976E-741898D1A9DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B547364-3CC3-466F-9C9E-6670598D0277}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{319A4932-D39B-48D9-AAFE-38BB954DB1E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32949506-AD82-4D5C-BA32-948248E11255}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ECF6C9D-5DB3-4B27-9DCD-3FF1FC97F22B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4198B822-E3A9-4F44-BCBF-829272863518}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{499DE5B9-5BD2-4F76-86E0-3E83732FB2D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F2C0F9F-C4D5-43E1-B08C-86E303B2CE6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{637EC269-B92A-47BA-A57E-282429A8D214}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6B457DCF-01BB-4F27-AD63-0847050821B2}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{712244BB-DE70-41EF-A361-64E82F8DA249}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{729E62F7-20B2-4A9B-90A1-9BF504FE99F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A3E453A-7EBB-4309-8495-FE6F67108CB8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{83D4CE2A-D230-447F-986E-6BE448DBB2E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD95445-70CF-4DF6-B44F-4F942E0C2512}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92DD942F-6D07-49EA-97AB-60F4E5EE90E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA63A466-8363-4DF4-B500-894311F6563E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AB42B592-B313-4E8C-957B-4F038DE98010}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC9DD67E-244D-461C-AF58-E908F5DA9308}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFC65CBA-3ADE-4446-A1C0-AA3BDF9DAD1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5249CFB-0771-4582-92E9-CD9C1D7A9BBD}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B83DE946-2EE4-4E16-897C-BCE11CA3E99C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0FEF3CA-A63B-40D9-9027-226E5C5E8861}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1A23195-D6F8-4205-8BD8-F6BC0607620A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3899063-5438-44E2-99E8-9E9E253E1317}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C4613C2D-45F2-49B6-B3A6-190627AFF896}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{C5CE16BF-6EA3-48F4-ADB9-E13000B54AED}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D86CF03C-6974-45E7-B1AE-E22B34C12E9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7B8F478-5173-45B2-A52F-0A8AE9D1670A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8619089-8BC8-4B7E-82CC-3F08A2DD462C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EADB9ECD-36C8-43B6-B3FA-32905087D3C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB202595-FCEA-42DD-A093-DE114BB791AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F83AF07D-CD2A-4004-AA3C-53A522C48F63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCEF3243-B49C-494C-8683-A84527932824}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDE59CAC-BE66-403D-AEBE-E76FA0FF49EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{93E54867-448B-4BA7-87C5-1B2DE448E9F5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{379FEB96-7BE2-448D-A912-FDF710C6EAEA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00004EE8-1E8B-BB10-6588-07DF0D120F6B}" = CCC Help Korean
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E107FC-1861-FC4A-E80F-07DA9DC5808C}" = Catalyst Control Center Graphics Previews Vista
"{03C55715-3545-2DF8-8C64-2BB877955150}" = Catalyst Control Center Localization Chinese Traditional
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0755396F-D048-8CDD-6AC3-C7C83A6869B5}" = CCC Help Czech
"{08B7B1F9-A8EB-7632-FFC3-04AB5328143B}" = CCC Help Chinese Standard
"{09F52B2B-8B36-130C-5EBD-6E5FFC5FA0B7}" = CCC Help English
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E1C53DA-DF86-845A-7BEB-14C4A8E0B150}" = Catalyst Control Center Localization Korean
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15B924BC-AEB2-7E31-F414-1FC7B385846A}" = CCC Help Greek
"{20CFE038-F4CE-0716-DCA0-04BBD67FE5EA}" = CCC Help Turkish
"{2126F5BB-AB90-083F-7AA8-A29D73819DAA}" = CCC Help French
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26E6EA50-532C-8CF3-5EB4-8C8D306EAB58}" = Catalyst Control Center Localization Polish
"{27CD3616-D3B0-834C-89A3-4FC5CEE7374D}" = Catalyst Control Center Graphics Full Existing
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28912B61-0265-3C33-7EC7-14345AC76E3D}" = CCC Help Hungarian
"{2D06C1FE-8454-5663-D0E9-1C130FD96446}" = Catalyst Control Center Localization Norwegian
"{30F9E15A-EE25-6D32-62CE-2E6BEAED3766}" = CCC Help Italian
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{342A19C7-3335-C02F-F1DD-3A0B49C3D047}" = Catalyst Control Center Localization Greek
"{34EF4F67-A3CE-DAB6-FA06-7C4C59A0D462}" = Catalyst Control Center Localization Swedish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE22BE4-E2D3-F0E8-1C52-1B5A5F97B876}" = Catalyst Control Center Localization Turkish
"{400F4990-B111-109A-6B08-E80CB42651AA}" = Catalyst Control Center Localization Danish
"{44479884-EB6D-38DA-1D3E-835625E40F7E}" = Catalyst Control Center Graphics Previews Common
"{480CA9F1-17E2-0B15-9684-511C0A083F92}" = Catalyst Control Center Localization Thai
"{4F31172C-2692-BB28-8F5B-86474CEC5D33}" = Catalyst Control Center Localization Chinese Standard
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54AAFB71-6DCB-32EB-8F91-DA7643497ED4}" = Catalyst Control Center Localization Spanish
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5D1CB0EC-0CA2-B4FD-2A10-2503A3CF7E46}" = Catalyst Control Center Localization Italian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFE618D-0100-6DE7-9894-5FD057103871}" = Catalyst Control Center Core Implementation
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63D10FBD-5667-DAD9-0B31-CED873B3F7EF}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7936153F-8D09-BC11-6DC4-1D4DEAB9D680}" = CCC Help Thai
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8018AD38-3EBB-A031-D4F8-EF6A5952F168}" = ATI Catalyst Install Manager
"{816B8A02-76F0-AE47-E28F-0AD114CC261E}" = CCC Help Polish
"{82AB4F83-BBBA-8F04-EE34-11F74E39A4B6}" = Catalyst Control Center Localization German
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86158699-F584-0DC9-119D-C5A6591090FB}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{920E3F1A-0B73-807D-EE0E-E6D89D4E5DDE}" = Catalyst Control Center Localization Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{985AF15E-776F-3CDD-EB92-2DAFF02697FB}" = Skins
"{98CE747E-4948-10B0-BBF0-5981A11114D1}" = Catalyst Control Center Localization Hungarian
"{99F54171-AE4A-579B-1544-5870478FC8F7}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BAD23B-748C-50FD-CCA9-956C3F54D138}" = CCC Help German
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABD82299-8034-4B44-4FDB-3F8971C20575}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{ACE07E37-A416-9A6B-D352-C776FFA49493}" = CCC Help Spanish
"{B2AEC44B-F926-773D-D028-77CADEF8D9D3}" = CCC Help Norwegian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B537ACDB-7C56-83B6-034C-A5AF6400F789}" = CCC Help Swedish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8AB4511-EECC-9299-45B3-F25F4774F6F2}" = CCC Help Russian
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD75C1A0-F0ED-B54A-B49C-3244B47BA803}" = ccc-utility
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C6317675-96CC-D2AE-40F2-698F3DED64B4}" = CCC Help Portuguese
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7FAEA9E-A14C-D8C9-EEE9-8D43F9E09565}" = Catalyst Control Center Localization Czech
"{CC35C434-FFC8-BDD8-44F0-ED0972484C56}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D646CA8B-5227-1598-5E9C-132B2D89A38D}" = Catalyst Control Center Localization Japanese
"{D8E302CB-8517-3E9B-C6C9-E90A21C6EFC5}" = CCC Help Danish
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F0BB634D-B374-A329-EE5D-22C279F92A7F}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C1426C-6670-4068-6398-EB490D45979F}" = Catalyst Control Center Localization Portuguese
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{F8B5B814-A3BF-F83F-09ED-AED9EE88211A}" = Catalyst Control Center Localization French
"{F927176F-F8F0-FACF-A57E-4F95714B6F00}" = Catalyst Control Center Localization Russian
"{FA7BB878-FC13-7548-13D3-18A53381014D}" = CCC Help Japanese
"{FB56EE4D-7CBC-6FDC-E336-52BD269E4CF6}" = Catalyst Control Center Localization Finnish
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"dict.cc Toolbar" = dict.cc Toolbar
"DivX Setup.divx.com" = DivX-Setup
"DLL Cure_is1" = DLL Cure v2.8
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Eraser" = Eraser
"ERUNT_is1" = ERUNT 1.1j
"Exifer_is1" = Exifer
"f4" = f4 3.0.2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GPG4Win" = GnuPG For Windows
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Inkscape" = Inkscape 0.46
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"JAP" = JAP
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"myphotobook" = myphotobook 3.1
"OpenAL" = OpenAL
"Privoxy" = Privoxy 3.0.6
"RealPlayer 6.0" = RealPlayer
"SKAT XXL " = SKAT XXL
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tor" = Tor 0.2.0.34
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"Vidalia" = Vidalia 0.1.10
"VLC media player" = VLC media player 1.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.12.2009 16:02:31 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 13.12.2009 08:08:58 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 14.12.2009 04:47:50 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 14.12.2009 20:26:41 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 15.12.2009 04:11:41 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 15.12.2009 13:52:25 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 15.12.2009 22:18:41 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.12.2009 19:27:26 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2009 17:26:36 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.12.2009 08:06:18 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 15.03.2011 16:18:07 | Computer Name = Admin-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 15.03.2011 16:18:07 | Computer Name = Admin-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 15.03.2011 16:19:48 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.03.2011 16:19:48 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.03.2011 16:24:19 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =
Error - 15.03.2011 16:25:15 | Computer Name = Admin-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 15.03.2011 16:25:15 | Computer Name = Admin-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 15.03.2011 16:25:15 | Computer Name = Admin-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
Error - 15.03.2011 16:26:57 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.03.2011 16:26:57 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Ach so, und 2 Fragen hätt ich noch, falls das nicht zu viel Arbeit macht - ansonsten erkundige ich mich da woanders, kein Problem 1. Ist die Windows-Firewall allein wirklich ausreichend? Gibt es sinnvolle Programme zur Ergänzung? 2. Nach der Deinstallation von ZoneAlarm und Neustart öffnete sich automatisch eine Fenster "cpes_clean_launcher.exe". Ich habe es versehentlich geschlossen, dann nochmals Neustart gemacht um es mir genauer anzuschauen, doch jetzt taucht es nicht mehr auf... was könnte das gewesen sein? Besten Gruß, Conny |
|
16.03.2011, 09:40
| #8 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderZitat:
Zitat:
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61354
[2009.07.25 21:46:53 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.03.08 14:24:21 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.03.15 18:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.19 19:52:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.03.26 13:42:58 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.03.26 13:42:59 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.09.03 17:37:47 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
[2009.07.19 19:52:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (dict.cc Toolbar) - {3160baf9-cf68-48ec-9076-faed7ce49467} - C:\Programme\dict.cc\tbdic1.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (dict.cc Toolbar) - {3160baf9-cf68-48ec-9076-faed7ce49467} - C:\Programme\dict.cc\tbdic1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (dict.cc Toolbar) - {3160BAF9-CF68-48EC-9076-FAED7CE49467} - C:\Programme\dict.cc\tbdic1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\Shell\AutoRun\command - "" = b3b9u.com
O33 - MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\Shell\explore\Command - "" = b3b9u.com
O33 - MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\Shell\open\Command - "" = b3b9u.com
O33 - MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\Shell\AutoRun\command - "" = b3b9u.com
O33 - MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\Shell\explore\Command - "" = b3b9u.com
O33 - MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\Shell\open\Command - "" = b3b9u.com
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.03.2011, 13:52
| #9 |
| | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Hallo Habe den Fix mit OTL gemacht. Die Log-Datei öffnete nach dem Neustart automatisch: All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\searchplugin folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\META-INF folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\lib folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\defaults folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\components folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\chrome folder moved successfully. C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\53jej67e.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully. C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME folder moved successfully. C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully. C:\Programme\Mozilla Firefox\extensions folder moved successfully. Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found. Folder C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. Folder C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\ not found. C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY\components folder moved successfully. C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY\chrome\content folder moved successfully. C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY\chrome folder moved successfully. C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY folder moved successfully. Folder C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully. C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3160baf9-cf68-48ec-9076-faed7ce49467}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3160baf9-cf68-48ec-9076-faed7ce49467}\ deleted successfully. C:\Programme\dict.cc\tbdic1.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ deleted successfully. C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully. C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully. File C:\Programme\AskBarDis\bar\bin\askBar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3160baf9-cf68-48ec-9076-faed7ce49467} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3160baf9-cf68-48ec-9076-faed7ce49467}\ not found. File C:\Programme\dict.cc\tbdic1.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully. C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found. File Sicherheit\tbZone.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found. File C:\Programme\AskBarDis\bar\bin\askBar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3160BAF9-CF68-48EC-9076-FAED7CE49467} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3160BAF9-CF68-48EC-9076-FAED7CE49467}\ not found. File C:\Programme\dict.cc\tbdic1.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}\ not found. File Sicherheit\tbZone.dll not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\ not found. File b3b9u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\ not found. File b3b9u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dbedf1-3cb3-11df-839d-001b38ab4c96}\ not found. File b3b9u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\ not found. File b3b9u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\ not found. File b3b9u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19dbee1f-3cb3-11df-839d-001b38ab4c96}\ not found. File b3b9u.com not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Admin ->Temp folder emptied: 10512761 bytes ->Temporary Internet Files folder emptied: 62066 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 51022926 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 2741 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 26002 bytes RecycleBin emptied: 1709 bytes Total Files Cleaned = 59,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03162011_132920 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Was hat es mit den von Dir angesprochenen Sicherheitskopien der gefixten Elemente auf sich? Können die mir Probleme machen? Muss ich die aufbewahren? Ansonsten: [QUOTE=cosinus;630060] Wieso wird die Windows-Firewall immer wieder in Frage gestellt? Hm, ist das eine retorische Frage? Ich tue das nicht wirklich begründet, habe nämlich kaum Ahnung und schnappe nur dies und das auf... z.B. das Windows-Produkte aufgrund der exponierten Stellung von Microsoft besonders oft zum Ziel von Malware, Viren etc. werden. Viele Leute in meinem Umfeld bevorzugen u.a. deshalb Linux/Ubuntu. Inwiefern deren Misstrauen gegnüber Windows sicherheitstechnisch begründet ist oder auf anderen Gründen oder Voreingenommenheit basiert kann ich tatsächlich nicht sagen... ist interessant - aber auch schon ziemlich off-topic, nicht? Vielen Dank soweit & besten Gruß, Conny |
|
16.03.2011, 14:09
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.03.2011, 17:45
| #11 |
| | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Okay, habe CCleaner laufen lassen und danach die cofi.exe - so wie in der Anleitung. Hat soweit alles gut geklappt. Hier die cofi-log: Combofix Logfile: Code:
ATTFilter ComboFix 11-03-15.03 - Admin 16.03.2011 17:12:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1109 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Admin\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Admin\Favorites\mxfilerelatedcache.mxc2
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-16 bis 2011-03-16 ))))))))))))))))))))))))))))))
.
.
2011-03-16 16:21 . 2011-03-16 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-14 12:37 . 2011-03-14 12:37 -------- d-----w- c:\program files\ERUNT
2011-03-13 11:16 . 2011-03-13 11:16 365513 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
2011-03-10 01:25 . 2011-03-10 01:25 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2011-03-10 01:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 01:25 . 2011-03-10 01:25 -------- d-----w- c:\programdata\Malwarebytes
2011-03-10 01:25 . 2011-03-10 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-10 01:25 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-10 00:44 . 2011-03-10 00:44 -------- d-----w- c:\users\Admin\AppData\Local\MigWiz
2011-03-09 15:40 . 2011-03-09 15:40 -------- d-----w- c:\program files\DLL Cure
2011-03-09 14:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:34 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:34 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 14:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 13:25 . 2011-03-08 13:25 -------- d-----w- c:\users\Admin\AppData\Roaming\CheckPoint
2011-03-08 13:24 . 2011-03-16 12:29 -------- d-----w- c:\program files\ZoneAlarm-Sicherheit
2011-03-08 13:22 . 2011-03-08 13:22 -------- d-----w- c:\program files\CheckPoint
2011-03-08 13:22 . 2011-02-18 16:28 46592 ----a-w- c:\windows\system32\vsutil_loc0407.dll
2011-03-08 13:22 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-24 11:44 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-02 22:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 01:50 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 01:50 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 01:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 01:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 01:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 01:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 01:50 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 01:50 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 01:50 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 01:50 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 01:50 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 01:50 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 01:50 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 01:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 01:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 01:50 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 01:50 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 01:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-10 01:50 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 01:50 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 01:50 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 01:50 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 01:50 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 01:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 01:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-10 01:50 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-10 01:50 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-10 01:49 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 01:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-10 01:50 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 13:51 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-10 01:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-10 01:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-10 01:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-10 01:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22 . 2011-02-10 01:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25 . 2011-02-10 01:50 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-10 01:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-10 01:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2008-09-02 1225920]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"NDSTray.exe"="NDSTray.exe" [BU]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-16 77824]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-18 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-9-4 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-4 110592]
Anleitung.exe [2011-3-13 365513]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c02186560296;Google Update Service (gupdate1c9c02186560296);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-08-16 100368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-11-26 17:47]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 12:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm-Sicherheit Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=
FF - Ext: SwitchProxy Tool: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} - %profile%\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-16 17:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{18415c2d-cce0-4643-8325-2397b5fd12a9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1ba9192e-a810-41e4-9571-416a29f6b562}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016e3
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{31ad29d5-6bee-42c3-93ee-f6dc3fc19c93}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:18000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{34a76019-bcce-4313-9aaa-aec8c3c433bf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016cf
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{38671ac7-6ed9-425b-829d-9d0bb7d7d3cb}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b001b9e
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6961b119-cdc9-4139-89d7-c06b01bd28ae}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7d18d203-b55d-4f1e-a0d1-bac60ab0364e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{82f5df43-f348-43b6-a44c-b69a0ebc1a1c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:090016cf
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d0daca61-45df-496a-93a2-362873dbb8ba}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2011-03-16 17:26:03
ComboFix-quarantined-files.txt 2011-03-16 16:26
.
Vor Suchlauf: 14 Verzeichnis(se), 29.927.723.008 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 32.145.219.584 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,8
- - End Of File - - 15042D451DE37709B9A2A9ACD10675DC
Nochmal Dank & Gruß, Conny |
|
16.03.2011, 19:21
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File::
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.03.2011, 20:36
| #13 | ||
| | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Hallo nochmal Zitat:
Hat soweit gut funktioniert, bis auf eine Sache: Die auf hxxp://www.bleepingcomputer.com/forums/topic114351.html (link ist aus der Combofix-Anleitung) beschriebene Deaktivierung von Spybot Teatimer konnte ich nur teilweise durchführen, da bei mir in der Werkzeug-Liste der Punkt "System Startup" nicht auftaucht. Ich finde zwar "Systemstart", darin aber wiederum kein Kästchen des TeaTimers, welches ich nach der Anleitung freimachen soll... Den "Resident TeaTimer" konnte ich aber wie beschrieben deaktivieren. Nunja. Hier erstmal das neue log-file: Combofix Logfile: Code:
ATTFilter ComboFix 11-03-15.03 - Admin 16.03.2011 19:56:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1232 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\CFScript.txt
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-16 bis 2011-03-16 ))))))))))))))))))))))))))))))
.
.
2011-03-16 19:04 . 2011-03-16 19:04 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-03-16 19:04 . 2011-03-16 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 16:11 . 2011-03-16 16:26 -------- d-----w- C:\cofi
2011-03-16 15:09 . 2011-03-16 15:09 -------- d-----w- c:\program files\CCleaner
2011-03-16 12:29 . 2011-03-16 12:29 -------- d-----w- C:\_OTL
2011-03-15 20:19 . 2011-03-15 20:19 -------- d-----w- c:\windows\Internet Logs
2011-03-15 16:27 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98EAA5E8-91DF-4B25-9478-D27AE7D22153}\mpengine.dll
2011-03-15 15:14 . 2011-03-15 15:14 -------- d-----w- c:\program files\Activision
2011-03-14 12:37 . 2011-03-14 12:37 -------- d-----w- c:\program files\ERUNT
2011-03-10 01:25 . 2011-03-10 01:25 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2011-03-10 01:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 01:25 . 2011-03-10 01:25 -------- d-----w- c:\programdata\Malwarebytes
2011-03-10 01:25 . 2011-03-10 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-10 01:25 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-10 00:44 . 2011-03-10 00:44 -------- d-----w- c:\users\Admin\AppData\Local\MigWiz
2011-03-09 15:40 . 2011-03-09 15:40 -------- d-----w- c:\program files\DLL Cure
2011-03-09 14:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:34 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:34 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 14:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 13:25 . 2011-03-08 13:25 -------- d-----w- c:\users\Admin\AppData\Roaming\CheckPoint
2011-03-08 13:24 . 2011-03-16 12:29 -------- d-----w- c:\program files\ZoneAlarm-Sicherheit
2011-03-08 13:22 . 2011-03-08 13:22 -------- d-----w- c:\program files\CheckPoint
2011-03-08 13:22 . 2011-02-18 16:28 46592 ----a-w- c:\windows\system32\vsutil_loc0407.dll
2011-03-08 13:22 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-24 11:44 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-02 22:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 01:50 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 01:50 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 01:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 01:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 01:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 01:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 01:50 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 01:50 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 01:50 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 01:50 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 01:50 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 01:50 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 01:50 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 01:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 01:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 01:50 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 01:50 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 01:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-10 01:50 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 01:50 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 01:50 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 01:50 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 01:50 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 01:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 01:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-10 01:50 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-10 01:50 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-10 01:49 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 01:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-10 01:50 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 13:51 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-10 01:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-10 01:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-10 01:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-10 01:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22 . 2011-02-10 01:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25 . 2011-02-10 01:50 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-10 01:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-10 01:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2008-09-02 1225920]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"NDSTray.exe"="NDSTray.exe" [BU]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-16 77824]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-18 198160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-9-4 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-4 110592]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c02186560296;Google Update Service (gupdate1c9c02186560296);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-08-16 100368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-11-26 17:47]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 12:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\53jej67e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm-Sicherheit Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=
FF - Ext: SwitchProxy Tool: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} - %profile%\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-16 20:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
Zeit der Fertigstellung: 2011-03-16 20:08:46
ComboFix-quarantined-files.txt 2011-03-16 19:08
ComboFix2.txt 2011-03-16 16:26
.
Vor Suchlauf: 18 Verzeichnis(se), 32.075.702.272 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 31.926.902.784 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,8
- - End Of File - - 862533AFA82DF5D536BB6826E7CDDAA5
Zitat:
Gruß, Conny |
|
17.03.2011, 08:50
| #14 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows DefenderZitat:
Zitat:
 Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\Qoobox in eine Datei zippen 3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.03.2011, 12:53
| #15 |
| | Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender Hat gut funktioniert, von daher: Bescheid!  Besten Gruß, Conny |
|
| Themen zu Trojaner(?) - "Backdoor:Win32/Cycbot.B" fund durch Windows Defender |
| 100%, anti-malware, appdata, backdoor, backdoor:win32/cycbot.b, browser, defender, desktop, ebay, email, explorer, file, folge, gelöscht, helper, laptop, load.exe, log-files, malwarebytes, microsoft, nicht mehr, problem, roaming, sms, software, trojaner, windows, worm.p2p, zuviel |
Linear-Darstellung
