Log analysis and evaluation: Trojan after visiting a suspicious website [Windows 7]

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.05.2011, 14:34 | #31
/// Malware-holic

Yes, yes. Click on Control Center, Donate. And thx!

__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
12.05.2011, 18:27 | #32

hi markusg, here are the OTL logs from the other notebook.

__________________
I still have questions about the XP measures: How do updates work with Secunia and FileHippo? What are UAC, DEP (okay, that one I'll handle myself) and SEHOP? Backup with the XP backup function? Thanks in advance as always, zn

OTL Logfile:
Code:
OTL logfile created on: 12.05.2011 18:46:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\yuko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 66,43 Gb Free Space | 22,29% Space Free | Partition Type: NTFS
Computer Name: PRIVAT-8F2DTUGM | User Name: yuko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\yuko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
PRC - C:\WINDOWS\system32\lmabcoms.exe ( )
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files\Pfe\PFE32.EXE () ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\yuko\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (lmab_device) -- C:\WINDOWS\System32\LMabcoms.exe ( ) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.) SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) 
SRV - (SR_Watchdog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies) SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies) SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (CP_OMDRV) -- C:\WINDOWS\system32\drivers\omdrv.sys (Check Point Software Technologies) DRV - (FW1) -- C:\WINDOWS\system32\drivers\fw.sys (Check Point Software Technologies) DRV - (VNASC) -- C:\WINDOWS\system32\drivers\vnasc.sys (Check Point Software Technologies) DRV - (VPN-1) -- C:\WINDOWS\System32\drivers\vpn.sys (Check Point Software Technologies) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) 
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-299502267-1177238915-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-299502267-1177238915-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2010.12.23 19:17:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.15 18:49:03 | 000,000,000 | ---D | M] [2010.07.03 19:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yuko\Application Data\Mozilla\Extensions [2010.07.03 19:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\yuko\Application Data\Mozilla\Firefox\Profiles\w2fzsyvt.default\extensions [2009.08.18 23:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009.07.31 00:24:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2009.07.31 00:24:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2009.07.31 00:24:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2009.07.31 00:24:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2011.02.13 13:45:38 | 000,000,800 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.178.22 ET0021B730800D lexmark ET0021B730800D.fritz.box O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe () O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-299502267-1177238915-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://placestest.linde.com/qp2.cab (Lotus Quickr Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212184580437 (WUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} 
- DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - 
Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe 
Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183584330711040) ========== Files/Folders - Created Within 30 Days ========== [2011.05.12 18:40:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\yuko\Desktop\OTL.exe [2011.04.15 18:48:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.05.20 21:06:34 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll [2010.05.20 21:05:48 | 001,040,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabserv.dll [2010.05.20 21:05:48 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabusb1.dll [2010.05.20 21:05:48 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpmui.dll [2010.05.20 21:05:48 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiesc.dll [2010.05.20 21:05:47 | 000,905,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabip1.dll [2010.05.20 21:05:47 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomc.dll [2010.05.20 21:05:47 | 000,593,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcoms.exe [2010.05.20 21:05:47 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lmablmpm.dll [2010.05.20 21:05:47 | 000,479,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabpar1.dll [2010.05.20 21:05:47 | 000,450,560 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabiobj.dll [2010.05.20 21:05:47 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabcomm.dll [2010.05.20 21:05:47 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabinpa.dll [2010.05.20 21:05:47 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabhcp.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.11 21:51:01 | 
000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.11 21:47:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.10 19:37:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\yuko\Desktop\OTL.exe [2011.04.25 10:15:00 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.25 10:15:00 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.15 18:49:03 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2011.04.13 22:09:01 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.13 21:41:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.23 20:36:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\yuko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.15 17:29:40 | 000,000,814 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2010.03.15 17:28:24 | 000,068,946 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp [2010.03.15 17:28:24 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp [2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009.10.19 21:22:01 | 000,000,185 | ---- | C] () -- C:\WINDOWS\PSIDATA.INI [2009.08.18 21:20:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin [2009.08.18 21:20:32 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin [2009.05.07 22:06:16 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig [2008.08.23 19:28:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL [2008.05.31 17:03:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\yuko\Local Settings\Application Data\fusioncache.dat [2008.05.31 10:16:37 | 000,204,800 | ---- | C] () -- 
C:\WINDOWS\System32\IVIresizeW7.dll [2008.05.31 10:16:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008.05.31 10:16:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008.05.31 10:16:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008.05.31 10:16:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008.05.31 10:16:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008.05.31 10:16:20 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat [2008.05.31 10:16:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll [2008.05.30 23:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.05.30 23:42:20 | 000,000,303 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2008.05.30 23:42:19 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2008.05.30 23:05:57 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2008.05.30 22:37:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.05.30 22:14:46 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008.05.30 22:14:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll [2008.05.30 21:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2008.05.30 21:02:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.30 21:01:50 | 000,198,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.05.30 20:37:29 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2008.05.30 20:36:09 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2008.05.30 19:25:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.05.30 19:21:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.01.29 16:15:16 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini [2008.01.29 16:15:04 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll [2006.12.05 13:05:04 | 000,114,688 
| ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.09.15 19:39:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\epdfmonu.dll [2005.09.15 19:38:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\epdfmon.dll [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.01.13 18:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.23 14:00:00 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.23 14:00:00 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2010.04.01 19:10:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2009.05.07 22:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates [2008.05.31 10:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tdo114\Application Data\InterVideo [2010.04.01 19:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Canon [2008.07.03 22:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\InterVideo [2008.09.22 10:56:19 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\yuko\Application Data\TVG [2010.02.10 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Wireshark ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2010.01.14 23:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2008.12.20 16:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2010.12.23 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010.04.01 19:10:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2008.05.30 23:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel [2009.05.07 22:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2008.09.12 21:01:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2009.05.07 22:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates [2009.09.01 09:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2008.05.31 00:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2009.08.18 23:51:44 | 001,925,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe < %APPDATA%\*. 
> [2008.06.16 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Adobe [2009.01.08 14:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Apple Computer [2010.04.01 19:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Canon [2008.08.23 19:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Help [2008.05.31 11:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Identities [2008.05.30 23:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Intel [2008.07.03 22:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\InterVideo [2008.05.31 15:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Macromedia [2009.09.01 17:15:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\yuko\Application Data\Microsoft [2010.07.03 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Mozilla [2008.05.31 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Sony Corporation [2008.09.22 10:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\TVG [2010.02.10 23:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\yuko\Application Data\Wireshark < %APPDATA%\*.exe /s > [2009.09.11 21:12:28 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\yuko\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- 
C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2002.08.29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2002.08.29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys [2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.05.31 00:15:47 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 
22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2003.02.04 18:20:52 | 000,032,869 | ---- | M] () MD5=CE5E1F8F0E54F7BF3403F2D8FCD696FE -- C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2004.08.04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) 
MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll [2004.08.04 00:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll < MD5 for: USERINIT.EXE > [2004.08.04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- 
C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.05.30 21:00:59 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008.05.30 21:00:59 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008.05.30 21:00:59 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Files - Unicode (All) ========== [2010.09.18 20:17:05 | 000,000,527 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\???.lnk) -- C:\Documents and Settings\yuko\Desktop\日本語.lnk [2010.09.18 20:17:05 | 000,000,527 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\???.lnk) -- C:\Documents and Settings\yuko\Desktop\日本語.lnk [2009.10.25 21:26:26 | 000,000,683 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\3·4?.lnk) -- C:\Documents and Settings\yuko\Desktop\3・4級.lnk [2009.10.25 21:26:26 | 000,000,683 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\3·4?.lnk) -- C:\Documents and Settings\yuko\Desktop\3・4級.lnk [2008.07.02 19:51:12 | 000,000,903 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? Tamasaburo Wisteria Maiden part 2.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 2.flv.lnk [2008.07.02 19:51:12 | 000,000,903 | ---- | M] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? Tamasaburo Wisteria Maiden part 1.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 1.flv.lnk [2008.07.02 19:51:12 | 000,000,903 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? 
Tamasaburo Wisteria Maiden part 2.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 2.flv.lnk [2008.07.02 19:51:12 | 000,000,903 | ---- | C] ()(C:\Documents and Settings\yuko\Desktop\Shortcut to ????? ???? Tamasaburo Wisteria Maiden part 1.flv.lnk) -- C:\Documents and Settings\yuko\Desktop\Shortcut to 坂東玉三郎 「藤娘」 Tamasaburo Wisteria Maiden part 1.flv.lnk < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.05.2011 18:46:47 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\yuko\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 66,43 Gb Free Space | 22,29% Space Free | Partition Type: NTFS Computer Name: PRIVAT-8F2DTUGM | User Name: yuko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .txt [@ = PFE32] -- C:\Program Files\Pfe\PFE32.EXE () ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies) "C:\Program 
Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) 
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies) "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies) "C:\WINDOWS\system32\lmabcoms.exe" = C:\WINDOWS\system32\lmabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP Server -- ( ) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = 
Apple Software Update "{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6 "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{8B63F6AD-3DBF-4585-A5FC-CB73CE793D53}" = ActivePerl 5.8.0 Build 805 "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack "{901E0411-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Japanese User Interface Pack "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{c5ae39ac-ff79-47e1-b69c-c05ac7de9cf2}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EAF092E3-6B95-41E8-B468-94B85DAD8603}" = eDocPrinter PDF Pro Ver 6.24 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "098E72BE084523AD9FE1828606AD199163AA1997" = Windows Driver Package - Marvell (yukonwxp) Net (05/03/2007 10.14.6.3) 
"474492506B458A0013C8197612FA45B887DF7B06" = Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820) "52FF2F1604EFE31A0D22A65BEC8F88375DBADADD" = Windows Driver Package - Texas Instruments Inc (ti21sony) MTD (04/23/2007 2.0.0.18) "6228B4FE0926AA3D873E8209B97FB99D06CC1DD8" = Windows Driver Package - Sony Corporation (SNC) HIDClass (06/04/2002 6.0.0.2) "8345F5933B4883C4FCF9A5A3E64747174EE3102D" = Windows Driver Package - NVIDIA (nv) Display (11/21/2007 6.14.11.6747) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "B50F9D9AA12CD48F59EFB5611B928A2E3C8648F8" = Windows Driver Package - CXT (winachsf) Modem (07/11/2006 7.50.00.00) "CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000 "CanonSolutionMenu" = Canon Utilities Solution Menu "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP "CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series "D1E4309621EB769C9C3578D2C54FB1B2553E9AB8" = Windows Driver Package - Alps (ApfiltrService) Mouse (05/25/2007 5.3.512.7) "E8EC15B2535809BEB8EC52A446F8167635CDF509" = Windows Driver Package - CXT (winachsf) Modem (07/11/2006 7.50.00.00) "FLV Player" = FLV Player 2.0, build 24 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0 "InterActual Player" = InterActual Player "Lexmark_HostCD" = Lexmark Software Uninstall "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Memory Stick Icon1.0" = Memory Stick Icon "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA 
Drivers" = NVIDIA Drivers "ProInst" = Intel(R) PROSet/Wireless Software "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.1.1 "Wireshark" = Wireshark 1.2.6 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.10.2010 14:37:07 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 23.10.2010 02:53:48 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x07610068. Error - 01.11.2010 06:40:18 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application SR_Service.exe, version 63.0.10.52, faulting module DataStruct.dll, version 63.0.0.2, fault address 0x00005fea. Error - 15.12.2010 16:57:35 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application SR_Service.exe, version 63.0.10.52, faulting module LogonISReg.dll, version 63.0.0.10, fault address 0x00007ef1. Error - 15.12.2010 16:58:07 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application sr_gui.exe, version 63.0.10.52, faulting module datastruct.dll, version 63.0.0.2, fault address 0x0000543c. Error - 15.12.2010 17:00:35 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Hang | ID = 1002 Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error - 15.12.2010 17:22:56 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 18.12.2010 07:59:48 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x08680068. Error - 21.12.2010 14:46:24 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0b0d0068. Error - 29.01.2011 10:39:46 | Computer Name = PRIVAT-8F2DTUGM | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0caf0068. [ System Events ] Error - 12.05.2011 02:39:11 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: FW-1: last packet seen 37170 seconds ago, assumi--> Error - 12.05.2011 02:39:11 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: -->ng clock change. Error - 12.05.2011 03:30:46 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: FW-1: last packet seen 2354 seconds ago, assumin--> Error - 12.05.2011 03:30:46 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: -->g clock change. Error - 12.05.2011 08:06:33 | Computer Name = PRIVAT-8F2DTUGM | Source = Service Control Manager | ID = 7034 Description = The Check Point VPN-1 Securemote service service terminated unexpectedly. It has done this 1 time(s). 
Error - 12.05.2011 09:53:29 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: FW-1: last packet seen 2192 seconds ago, assumin--> Error - 12.05.2011 09:53:29 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: -->g clock change. Error - 12.05.2011 12:36:58 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: FW-1: last packet seen 8550 seconds ago, assumin--> Error - 12.05.2011 12:36:58 | Computer Name = PRIVAT-8F2DTUGM | Source = FW1 | ID = 1 Description = FW1: -->g clock change. Error - 12.05.2011 12:39:36 | Computer Name = PRIVAT-8F2DTUGM | Source = BROWSER | ID = 8032 Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{98C04219-2589-4D2B-B500-29CEBB33EB98}. The backup browser is stopping. < End of report > |
12.05.2011, 18:45 | #33 |
/// Malware-holic | Trojan after visiting a suspicious website "How do updates work with Secunia and FileHippo?!"
Have you installed both programs? Actually you only need to follow the links, or you can have some of it installed automatically. UAC does not exist under XP, it is only in Vista and Win7. DEP: please read the link, get in touch if you have questions. SEHOP is only for Vista/Windows 7. Backup with the program mentioned in the guide. That one is clean as well, please implement all the tips. Here is the link again http://www.trojaner-board.de/96344-a...-rechners.html The tips for XP are what you need, except the limited account. |
12.05.2011, 19:08 | #34 |
| Trojan after visiting a suspicious website Thanks! Then I'll have something useful to do at the weekend. It is supposed to rain anyway. :-( The sandbox is really interesting... |
12.05.2011, 19:31 | #35 |
/// Malware-holic | Trojan after visiting a suspicious website Yes, it is. And it works more reliably than an antivirus program, since nothing I currently know of can break out of it.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
13.05.2011, 20:33 | #36 |
| Trojan after visiting a suspicious website hi markus, I'm in the middle of implementing the XP things. I'm having problems with the Secunia part. The thing keeps crashing. Apparently DEP. And I already have DEP on only for Windows programs and services. Disabling it just for psi.exe didn't help either. Do you have a tip? Thanks and regards, zn |
13.05.2011, 20:36 | #37 |
/// Malware-holic | Trojan after visiting a suspicious website Is there a message from DEP? Actually nothing should happen there. |
13.05.2011, 21:00 | #38 |
| Trojan after visiting a suspicious website Now I have switched DEP off via boot.ini execute and it works. But now DEP is completely off... Before, with noexecute or noexecute=OptIn and psi.exe excluded, sometimes there was no message at all (the window just closed) or the typical DEP message with a link to the help etc. came up. But the scan had run through to 94%! Not bad at all. But when I then clicked into the window it was gone. I'll have to experiment a bit. But that eats up so much time... |
13.05.2011, 21:52 | #39 |
| Trojan after visiting a suspicious website So here it is again, systematically: Before I changed boot.ini and installed PSI, boot.ini had /NoExecute=OptIn. Never had a problem with it. Didn't know anything about DEP at all. After installing PSI:
/NoExecute=OptIn -> window closes without an error message
/noexecute C:\Program Files\Secunia\PSI\psi.exe DisableNXShowUI -> window closes without an error message
/NoExecute=OptOut C:\Program Files\Secunia\PSI\psi.exe DisableNXShowUI -> window closes without an error message
/NoExecute=OptOut C:\Program Files\Secunia\PSI\psi.exe EnableNXShowUI -> typical DEP error message
/execute -> PSI runs okay
Now I'm out of ideas. Because of PSI I have to switch DEP off. Does that make sense? |
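As an added example that is not part of the thread (and not Secunia's or Microsoft's code): the list above boils down to two questions, which DEP policy level the boot.ini switch selects, and whether a per-application exception is honored under that level. The Python below models exactly that. The boot.ini text is constructed, the psi.exe path is the one from the post, and the precedence rules (AlwaysOn and AlwaysOff absolute, the DisableNX AppCompat layer honored under OptIn and OptOut, a missing switch treated as XP's OptIn default) are assumptions stated in the code. `set_dep_policy` shows the defender's alternative to `/execute`: keep DEP on system-wide with OptOut and exclude only the one program.

```python
"""DEP policy model for Windows XP SP2/SP3 boot.ini settings.

Added example, not code from the thread: it parses the /execute or
/noexecute switch of the [operating systems] entry in boot.ini, decides
whether DEP is enforced for a given executable under that policy, and
rewrites the switch so DEP can be re-enabled system-wide instead of
being switched off for one misbehaving program.
"""
import re

LEVELS = {"alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff",
          "optin": "OptIn", "optout": "OptOut"}
SYSTEM_ROOT = r"C:\WINDOWS"
PSI = r"C:\Program Files\Secunia\PSI\psi.exe"   # path quoted in the thread

# Constructed boot.ini skeleton; only the switches on the OS entry vary.
BOOT_INI_TEMPLATE = (
    "[boot loader]\n"
    "timeout=30\n"
    "default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n"
    "[operating systems]\n"
    'multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" {switches}\n'
)


def sample(switches):
    """Build a constructed boot.ini whose OS entry carries `switches`."""
    return BOOT_INI_TEMPLATE.format(switches=switches)


def os_entry(boot_ini):
    """Return the first entry line under [operating systems]."""
    in_section = False
    for raw in boot_ini.splitlines():
        line = raw.strip()
        if line.lower() == "[operating systems]":
            in_section = True
        elif in_section and line and not line.startswith("["):
            return line
    raise ValueError("boot.ini has no [operating systems] entry")


def dep_policy(boot_ini):
    """Map the DEP switch of the OS entry to its policy level name."""
    switches = os_entry(boot_ini).rpartition('"')[2]   # text after the quoted description
    m = re.search(r"/noexecute(?:=(\w+))?", switches, re.IGNORECASE)
    if m:
        level = (m.group(1) or "optin").lower()        # bare /noexecute means OptIn
        if level not in LEVELS:
            raise ValueError(f"unknown DEP level {m.group(1)!r}")
        return LEVELS[level]
    if re.search(r"/execute\b", switches, re.IGNORECASE):
        return "AlwaysOff"                             # /execute disables DEP for everything
    return "OptIn"   # assumption: no switch at all falls back to XP's default, OptIn


def dep_applies(policy, exe_path, nx_compat=False, layer_exception=False,
                system_root=SYSTEM_ROOT):
    """Decide whether DEP is enforced for one process.

    Simplified precedence, stated as an assumption: AlwaysOn/AlwaysOff are
    absolute; the AppCompat DisableNX layer (DisableNXShowUI in the thread)
    is honored under OptIn and OptOut; OptIn covers only binaries below
    %SystemRoot% and programs that opt in themselves (nx_compat).
    """
    if policy == "AlwaysOff":
        return False
    if policy == "AlwaysOn":
        return True
    if layer_exception:
        return False
    if policy == "OptOut":
        return True
    windows_binary = exe_path.lower().startswith(system_root.lower() + "\\")
    return windows_binary or nx_compat


def set_dep_policy(boot_ini, level):
    """Return boot.ini text with the OS entry's DEP switch replaced by `level`."""
    if level not in LEVELS.values():
        raise ValueError(f"unknown DEP level {level!r}")
    out, in_section, done = [], False, False
    for raw in boot_ini.splitlines():
        line = raw.strip()
        if line.lower() == "[operating systems]":
            in_section = True
        elif in_section and not done and line and not line.startswith("["):
            desc, quote, switches = raw.rpartition('"')
            # drop any existing /execute or /noexecute[=level] before re-adding
            switches = re.sub(r"\s*/(?:no)?execute(?:=\w+)?", "", switches,
                              flags=re.IGNORECASE)
            raw = f"{desc}{quote} /noexecute={level}{switches}"
            done = True
        out.append(raw)
    return "\n".join(out) + "\n"


def psi_under(switches, layer_exception=False, nx_compat=False):
    """Policy and DEP verdict for psi.exe given the OS entry switches."""
    policy = dep_policy(sample(switches))
    return policy, dep_applies(policy, PSI, nx_compat=nx_compat,
                               layer_exception=layer_exception)


if __name__ == "__main__":
    rows = [("/noexecute=OptIn /fastdetect", False),
            ("/noexecute=OptIn /fastdetect", True),
            ("/noexecute=OptOut /fastdetect", True),
            ("/noexecute=OptOut /fastdetect", False),
            ("/execute /fastdetect", False)]
    for switches, exc in rows:
        policy, on = psi_under(switches, layer_exception=exc)
        print(f"{switches:30} exception={exc!s:5} -> {policy:9} DEP for psi.exe: {on}")
    fixed = set_dep_policy(sample("/execute /fastdetect"), "OptOut")
    print("re-enabled:", os_entry(fixed))
```

Under this model, DEP is not even applied to psi.exe in OptIn mode unless the program opts in itself (`nx_compat=True`), so a crash in that configuration points either to an in-program opt-in or to a cause other than DEP; that is worth checking before DEP is disabled for the whole machine with `/execute`.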
14.05.2011, 10:30 | #40 |
/// Malware-holic | Trojan after visiting a suspicious website Are you getting along with FileHippo? Then I would uninstall Secunia, switch DEP on for all processes, and only use FileHippo. |
14.05.2011, 11:38 | #41 |
| Trojan after visiting a suspicious website Yes, Hippo is okay. But apparently not as comprehensive as Secunia. What do you think of this: normally DEP on and Hippo. Once a month briefly DEP off and Secunia? I haven't dared to touch the services yet. I had a lot of "fun" with that once before. I think I'll leave it. Although I know how important it is. But it can mean a lot of trouble. Thanks. Regards, zn |
14.05.2011, 12:33 | #42 |
/// Malware-holic | Trojan after visiting a suspicious website Yes, that's ok I think :-) It is actually odd that DEP is acting up there, you are only the second user I've had this with, but I hadn't found a satisfactory solution with the first one either. Hippo will supply you with most updates though, so that's fine I think. And if you stick to the rest, it's fine anyway :-) Do Secunia and the rest work on all the other PCs we've put through here? :-) |
16.05.2011, 13:52 | #43 |
| Trojan after visiting a suspicious website So, that took a while. On the other PCs it worked without problems. Next I want to take a look at the sandbox... Thanks so far... zn |
16.05.2011, 14:06 | #44 |
/// Malware-holic | Trojan after visiting a suspicious website It isn't really a difficult thing: install it, configure it for your browser as described, click on "sandboxed web browser" instead of the browser icon, and off you go. Close it just normally via the open browser window. The only difference: for downloads you make, you have to confirm afterwards that they may be saved outside the sandbox. |