Pests of all kinds and how to fight them: Slow Internet and access-denied errors (Windows 7)
11.05.2011, 10:04 | #1 |
Slow Internet and access-denied errors

Hello,

for a few days now my Internet has been very slow, but only with Firefox and IE8. With Opera everything is normal. Another symptom is that sometimes, when I open Firefox or IE, I get access-denied errors because I am supposedly not authorized. My ping is normally 10-30 ms, but with Firefox it is constantly at just under 200 ms.

I have also run Malwarebytes and so on over the system, and they did find something, but things are no better. I have already fixed quite a lot with HijackThis. I have run several antivirus programs, but they no longer find anything. Still, my problem persists: the Internet is painfully slow.

Can you help me?

OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.05.2011 10:55:11 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Fish\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 44,69 Gb Total Space | 15,18 Gb Free Space | 33,97% Space Free | Partition Type: NTFS Drive E: | 107,97 Gb Total Space | 36,19 Gb Free Space | 33,52% Space Free | Partition Type: NTFS Computer Name: THOMAS | User Name: Fish | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .js [@ = JSFile] -- E:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* jsfile [edit] -- "E:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.) 
jsfile [open] -- "E:\Programme\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 
3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "16768:TCP" = 16768:TCP:*:Disabled:BitComet 16768 TCP "16768:UDP" = 16768:UDP:*:Disabled:BitComet 16768 UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\AudioDriver.exe" = C:\WINDOWS\system32\AudioDriver.exe:*:Enabled:UPnP Firewall ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers "{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS SmartDoctor "{16E6A5A1-B6ED-4915-86FD-4EBF221D050F}_is1" = concept/design onlineTV 2 "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10 "{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05 "{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "{39CC2082-FC28-11D8-89D3-C55F7C09987F}" = CMDcheck_personal "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8 "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater 
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution "{4E31D9A6-245B-41A6-949D-C7B029A703D2}" = iTNC530 (340494) "{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5DE1B7CF-7429-40CA-987F-6BEE09B63787}" = Prime95 "{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6515FE5E-9F36-448F-934E-10CD94821807}" = AMD OverDrive "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1 "{76F0FEBD-6C17-4D57-EA50-DD6EBDB54F6C}" = Ultimate ZIP Cracker Trial version "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006 "{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX "{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform "{90110407-6000-11D3-8CFE-0150048383C9}" 
= Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{983A2596-2010-11D4-9103-00105A0DE2E8}" = LEGO Studios "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 1.72 "{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B15F6758-D185-4377-9F3A-7B30B03E9A97}" = MSI DigiCell "{B468AE7B-C667-4073-BED8-EAD17D5EE08C}" = TL-WN321G Wireless Utility "{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BBB784BD-F8C8-460C-B9FE-15DA02B51223}" = TMPGEnc MPEG Editor 2.0 Testversion "{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8 "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DBA7BAA5-375A-4D53-BEF0-B46D71E547E7}" = Simulationsprogramm ILS Ingolstadt "{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}" = FUSSBALL MANAGER 06 "{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio 
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1) "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AOP" = Norton AddOn Pack "Applian FLV Player2.0.24" = Applian FLV Player "AudioCD MP3 Studio Suite" = AudioCD MP3 Studio Suite "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Premium "AVMFBoxMonitor" = AVM FRITZ!Box Monitor "BitComet" = BitComet 0.70 "Canon MP270 series Benutzerregistrierung" = Canon MP270 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "Convert Image To PDF_is1" = Convert Image To PDF "Core Center" = Core Center "CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series "D050D7362D214723AD585B541FFB6C11" = DivX Content Uploader "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ElsterFormular 11.4.1.4323" = ElsterFormular "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender "eMule" = eMule "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v2.80 "FBDBServer_1_5_is1" = Firebird 1.5.2.4731 "FireTune1.0.9 for Firefox v1.x" = FireTune "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "FRITZ! 
2.0" = AVM FRITZ!fax für FRITZ!Box "HijackThis" = HijackThis 2.0.2 "hp deskjet 990c series_Driver" = hp deskjet 990c series "ICQToolbar" = ICQ Toolbar "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS SmartDoctor "InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InterActual Player" = InterActual Player "Interwise Participant" = Interwise Participant "IrfanView" = IrfanView (remove only) "iVideoMAX_is1" = iVideoMAX 3.9 "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "MSI Live Update 3" = MSI Live Update 3 "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Multimedia Converter 2.0" = Nokia Multimedia Converter 2.0 "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PowerStrip 3 (remove only)" = PowerStrip 3 (remove only) "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "PunkBusterSvc" = PunkBuster Services "RealPlayer 6.0" = RealPlayer "Registry Mechanic_is1" = Registry Mechanic 10.0 "RivaTuner" = RivaTuner v2.0 RC 15.7 "SopCast" = SopCast 3.0.3 "ST6UNST #2" = 
Visual Basic 6.0 Runtime&Steuerelemente "ST6UNST #3" = PKH-fix 3.2 "Steam" = Steam "Streamripper.Plugin" = Streamripper Plugin 1.61.27 (Remove only) "StyleXP" = StyleXP (remove only) "SystemRequirementsLab" = System Requirements Lab "TAPI" = AVM TAPI Services for FRITZ!Box "ThumbsPlus7x" = ThumbsPlus 7x (deutsch) "Trillian" = Trillian "TrueImage" = Acronis*True*Image "TuneUp Utilities" = TuneUp Utilities "TV Player" = Veetle TV Player 0.9.9 "tvbrowser" = TV-Browser 2.6.3 "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle Broadcast Application" = Veetle Broadcast Application 0.9.1 "Veetle TV Player" = Veetle TV Player 0.9.9 "Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WebPost" = Microsoft Web Publishing Wizard 1.53 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ System Events ] Error - 11.05.2011 04:48:46 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7034 Description = Dienst "Nero BackItUp Scheduler 3" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.05.2011 04:48:46 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. 
Error - 11.05.2011 04:48:46 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.05.2011 04:48:46 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Symantec Network Proxy" wurde mit folgendem dienstspezifischem Fehler beendet: 4294967295 (0xFFFFFFFF). Error - 11.05.2011 04:48:46 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7034 Description = Dienst "PC Tools Startup and Shutdown Monitor service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.05.2011 04:48:46 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7034 Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.05.2011 04:51:07 | Computer Name = THOMAS | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "SrtETmp" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000243" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 11.05.2011 04:52:59 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PLFlash DeviceIoControl Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.05.2011 04:52:59 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.05.2011 04:52:59 | Computer Name = THOMAS | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SABKUTIL sptd < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.05.2011 10:55:11 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Fish\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 44,69 Gb Total Space | 15,18 Gb Free Space | 33,97% Space Free | Partition Type: NTFS Drive E: | 107,97 Gb Total Space | 36,19 Gb Free Space | 33,52% Space Free | Partition Type: NTFS Computer Name: THOMAS | User Name: Fish | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.11 10:47:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fish\Desktop\OTL.exe PRC - [2011.05.11 09:44:51 | 000,136,360 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.05.11 09:44:48 | 000,421,032 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.05.11 09:44:47 | 000,339,624 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.05.11 09:44:47 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe PRC - [2010.11.19 16:32:52 | 000,743,232 | ---- | M] (TuneUp Software) -- E:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC 
- [2010.11.19 16:31:52 | 001,051,968 | ---- | M] (TuneUp Software) -- E:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010.02.26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- E:\Programme\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe PRC - [2010.02.26 01:22:09 | 000,194,424 | R--- | M] (Symantec Corporation) -- E:\Programme\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\4.7.0.10\ccproxy.exe PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2006.05.24 20:31:06 | 000,372,736 | ---- | M] () -- C:\Programme\TGTSoft\StyleXP\StyleXPService.exe PRC - [2005.11.20 22:18:47 | 000,151,552 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2005.10.18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) 
-- C:\WINDOWS\ATKKBService.exe PRC - [2005.08.17 23:50:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) -- E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe ========== Modules (SafeList) ========== MOD - [2011.05.11 10:47:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fish\Desktop\OTL.exe MOD - [2010.09.20 21:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- E:\Programme\Norton Internet Security\Engine\17.8.0.5\asoehook.dll MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009.07.12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll MOD - [2009.07.12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll MOD - [2005.08.17 23:50:42 | 000,076,288 | ---- | M] () -- E:\Programme\TuneUp Utilities 2006\WinStylerThemeHelper.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PnkBstrA) SRV - File not found [Auto | Stopped] -- -- (PLFlash DeviceIoControl Service) SRV - [2011.05.11 09:44:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.05.11 09:44:48 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.05.11 09:44:47 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.05.11 09:44:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.02.13 18:17:06 | 000,435,008 
| ---- | M] (TuneUp Software) [On_Demand | Stopped] -- E:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2011.01.28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010.11.19 16:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- E:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.11.19 16:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.02.26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- E:\Programme\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS) SRV - [2010.02.26 01:22:09 | 000,194,424 | R--- | M] (Symantec Corporation) [Auto | Running] -- E:\Programme\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\4.7.0.10\ccProxy.exe -- (ccProxy) SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.09.05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2006.05.24 20:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Programme\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService) SRV - [2005.11.20 22:18:47 | 
000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2005.10.18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) SRV - [2005.08.17 23:50:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.12.13 01:05:20 | 001,527,893 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- E:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2004.12.13 01:05:20 | 000,065,536 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- E:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.05.11 09:44:51 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.05.11 09:44:51 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.10 09:35:12 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2011.05.10 09:35:12 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.04.15 22:29:05 | 
000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2011.03.31 10:48:10 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110510.024\NAVEX15.SYS -- (NAVEX15) DRV - [2011.03.31 10:48:10 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110510.024\NAVENG.SYS -- (NAVENG) DRV - [2011.03.14 20:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110509.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Neuer Ordner\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.05.06 06:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI) DRV - [2010.04.29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON) DRV - [2010.04.22 05:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA) DRV - [2010.04.22 04:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP) DRV 
- [2010.04.22 04:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010.02.26 02:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Neuer Ordner\sasdifsv.sys -- (SASDIFSV) DRV - [2010.01.17 22:03:28 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- E:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.08.30 02:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) 
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.05.19 23:16:24 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006.05.19 23:16:24 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006.02.14 23:05:56 | 000,164,992 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\athsgt.sys -- (athsgt)
DRV - [2006.02.14 23:05:56 | 000,012,544 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\limsgt.sys -- (limsgt)
DRV - [2006.02.12 00:16:30 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2006.02.11 22:07:52 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006.01.12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.11.27 20:55:13 | 000,004,047 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 3\FlashUty\AMI\Memctl.sys -- (Memctl)
DRV - [2005.11.20 22:18:44 | 000,210,400 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2005.11.20 22:18:44 | 000,081,280 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005.11.20 22:18:44 | 000,028,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2005.10.31 23:44:39 | 000,010,880 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005.10.20 22:01:06 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.10.20 10:29:02 | 000,005,376 | ---- | M] (Overclocking Tool) [Kernel | On_Demand | Stopped] -- E:\Programme\ASUS\SmartDoctor\atidgllk.sys -- (atidgllk)
DRV - [2005.10.18 15:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.09.09 09:25:00 | 000,006,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\Programme\RivaTuner v2.0 RC 15.7\RivaTuner32.sys -- (RivaTuner32)
DRV - [2005.09.09 09:25:00 | 000,003,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\NVStrap.sys -- (NVStrap)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.06.20 23:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.06.04 15:01:30 | 000,038,208 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- E:\Programme\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2005.05.20 17:27:16 | 000,021,728 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- E:\Programme\MSI\Core Center\NTGLM7X.SYS -- (PCAlertDriver)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.04.06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.04.06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.11.09 23:32:10 | 000,021,968 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PStrip.sys -- (PStrip)
DRV - [2004.10.21 05:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.07.16 08:19:52 | 000,070,400 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.07.05 15:25:00 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004.06.09 00:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.06.03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.04.02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003.03.14 14:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.09.17 13:55:06 | 000,003,548 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 3\FlashUty\Award\WinFlash.sys -- (WINFLASH)
DRV - [2001.08.17 15:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001.08.17 15:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.05.26 15:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.01.27 18:22:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: E:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.08 20:49:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.09 19:25:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.05.10 10:02:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.03.22 18:03:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.04.20 11:31:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2006.02.09 20:13:35 | 000,000,000 | ---D | M]

[2010.06.06 14:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Extensions
[2010.06.06 14:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.10 09:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\daregc96.default\extensions
[2009.09.23 21:06:33 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\daregc96.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2007.10.21 13:44:00 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\daregc96.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2005.11.30 21:15:32 | 000,000,000 | ---D | M] (FirefoxModern) -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\daregc96.default\extensions\{d8bd53e7-7ad6-4fb0-9dea-ee0f111fb4c8}
[2010.10.27 20:56:20 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\daregc96.default\extensions\vshare@toolbar
[2010.10.27 20:56:35 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\daregc96.default\searchplugins\web-search.xml
[2008.06.14 17:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.04.07 20:39:20 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FISH\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DAREGC96.DEFAULT\EXTENSIONS\{0538E3E3-7E9B-4D49-8831-A227C80A7AD3}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FISH\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DAREGC96.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FISH\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\DAREGC96.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2008.05.15 18:03:59 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2008.05.15 18:03:59 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2008.05.15 18:03:59 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2008.05.15 18:03:59 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2008.05.15 18:03:59 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2007.12.10 21:41:48 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2007.12.10 21:41:48 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2007.12.10 21:41:48 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2007.12.10 21:41:48 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.05.09 23:41:47 | 004,288,537 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Programme\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Fish\Startmenü\Programme\Autostart\atomzeit.lnk = E:\Programme\Atomuhr\atomzeit.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - E:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131651008343 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (longhornui.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Neuer Ordner\SASWINLO.DLL - E:\Neuer Ordner\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fish\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Fish\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Neuer Ordner\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.11.10 18:17:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3d78b0f4-183a-11dd-a24a-001109dc35a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3d78b0f4-183a-11dd-a24a-001109dc35a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d78b0f4-183a-11dd-a24a-001109dc35a8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{4fa683ec-6026-11da-92b6-001109dc35a8}\Shell - "" = AutoRun
O33 - MountPoints2\{4fa683ec-6026-11da-92b6-001109dc35a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fa683ec-6026-11da-92b6-001109dc35a8}\Shell\AutoRun\command - "" = G:\RunGame.exe
O33 - MountPoints2\{dd42da73-da67-11de-a57f-001109dc35a8}\Shell - "" = AutoRun
O33 - MountPoints2\{dd42da73-da67-11de-a57f-001109dc35a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd42da73-da67-11de-a57f-001109dc35a8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.11 10:48:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.11 10:47:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fish\Desktop\OTL.exe
[2011.05.11 10:36:07 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Fish\PrivacIE
[2011.05.11 10:29:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2011.05.11 10:28:11 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011.05.11 10:27:27 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011.05.11 10:26:46 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011.05.11 10:26:46 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011.05.11 10:26:21 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2011.05.11 10:26:21 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2011.05.11 10:26:21 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2011.05.11 10:26:21 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011.05.11 10:26:21 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2011.05.11 10:26:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2011.05.11 10:26:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011.05.11 10:26:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011.05.11 10:26:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011.05.11 10:26:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011.05.11 10:26:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011.05.11 10:26:13 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011.05.11 10:26:05 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2011.05.11 10:25:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011.05.11 10:25:36 | 001,288,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2011.05.11 10:25:11 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011.05.11 10:24:51 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011.05.11 10:24:51 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011.05.11 10:24:51 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011.05.11 10:24:12 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2011.05.11 10:24:01 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011.05.11 10:23:53 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011.05.11 10:23:45 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2011.05.11 10:23:39 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2011.05.11 10:23:39 | 000,262,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2011.05.11 10:23:31 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2011.05.11 10:22:46 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011.05.11 10:22:26 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011.05.11 10:22:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2011.05.11 10:21:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2011.05.11 10:21:12 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011.05.11 10:21:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.05.11 10:20:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2011.05.11 10:20:42 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2011.05.11 10:18:47 | 000,000,000 | ---D | C] -- C:\Programme\Messenger
[2011.05.11 10:16:07 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Fish\IETldCache
[2011.05.11 10:07:21 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2011.05.11 10:07:21 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2011.05.11 10:07:21 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2011.05.11 10:07:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Registry Mechanic
[2011.05.11 10:07:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2011.05.11 10:07:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.05.11 10:05:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.05.10 23:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Avira
[2011.05.10 23:37:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.05.10 23:37:16 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.05.10 23:37:16 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.05.10 23:37:16 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.05.10 23:37:16 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.05.10 23:37:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.05.10 23:20:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fish\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2011.05.10 12:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\SUPERAntiSpyware.com
[2011.05.10 12:27:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2011.05.10 11:03:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fish\Lokale Einstellungen\Anwendungsdaten\NPE
[2011.05.10 10:42:59 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fish\Recent
[2011.05.09 23:09:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.09 23:09:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.05.09 23:09:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.09 22:54:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HijackThis

========== Files - Modified Within 30 Days ==========

[2011.05.11 10:51:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.11 10:47:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fish\Desktop\OTL.exe
[2011.05.11 10:34:07 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.05.11 10:31:49 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.05.11 10:29:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.05.11 10:08:28 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011.05.11 09:44:51 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.05.11 09:44:51 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.05.10 10:02:49 | 000,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.05.09 23:41:47 | 004,288,537 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.05.09 22:54:28 | 000,000,791 | ---- | M] () -- C:\Dokumente und Einstellungen\Fish\Desktop\HijackThis.lnk
[2011.05.08 20:41:53 | 000,119,959 | ---- | M] () -- C:\Dokumente und Einstellungen\Fish\Desktop\bl33 070511 VfB - Hannover 96 2-0 --- 0085.jpg
[2011.05.06 17:16:26 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.05.05 15:31:19 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\wiadegui.dll
[2011.05.04 18:13:44 | 000,887,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Fish\Desktop\lbs_1.pdf
[2011.05.04 18:13:43 | 000,000,051 | ---- | M] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2011.05.04 18:13:06 | 000,886,358 | ---- | M] () -- C:\Dokumente und Einstellungen\Fish\Desktop\lbs_1.jpg
[2011.05.04 14:22:15 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011.05.11 10:26:33 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011.05.11 10:26:33 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011.05.11 10:18:51 | 000,002,483 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Messenger.lnk
[2011.05.11 10:08:28 | 000,000,244 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011.05.11 10:07:21 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011.05.11 10:06:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.05.09 22:54:28 | 000,000,791 | ---- | C] () -- C:\Dokumente und Einstellungen\Fish\Desktop\HijackThis.lnk
[2011.05.08 20:41:51 | 000,119,959 | ---- | C] () -- C:\Dokumente und Einstellungen\Fish\Desktop\bl33 070511 VfB - Hannover 96 2-0 --- 0085.jpg
[2011.05.05 15:31:19 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\wiadegui.dll
[2011.05.04 18:13:44 | 000,887,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Fish\Desktop\lbs_1.pdf
[2011.05.04 18:10:43 | 000,886,358 | ---- | C] () -- C:\Dokumente und Einstellungen\Fish\Desktop\lbs_1.jpg
[2011.05.02 18:10:07 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win9423X24.DLL
[2011.05.02 18:04:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010.06.19 19:13:16 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.06.19 19:13:16 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.06.19 19:13:16 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.04.26 15:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2010.01.17 21:58:30 | 000,005,184 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\N360BUOptions.ini
[2010.01.04 14:31:43 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.10.01 17:27:03 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\NMM-MetaData.db
[2009.07.04 10:47:36 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009.07.04 10:47:36 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009.07.04 10:47:36 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2009.04.02 21:13:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.10.28 20:49:29 | 000,048,398 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008.10.07 16:15:42 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008.10.07 16:15:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008.10.07 16:15:42 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008.10.06 18:18:59 | 000,122,854 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LUUnInstall.LiveUpdate
[2007.12.24 20:36:57 | 000,000,297 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.11.17 12:45:16 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.11.17 12:45:16 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\PnkBstrK.sys
[2007.11.17 12:45:12 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007.11.17 12:44:57 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2007.11.12 07:51:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.11.12 07:51:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007.11.12 07:51:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.11.12 07:51:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007.11.12 07:51:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.11.12 07:51:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.11.12 07:51:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007.11.12 07:51:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007.11.12 07:51:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.07.06 15:23:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SW_Win2000X24.DLL
[2007.07.06 15:22:52 | 000,001,484 | ---- | C] () -- C:\WINDOWS\CITP_SearchHistory.INI
[2007.07.06 15:22:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2007.07.06 15:22:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2007.07.06 15:22:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe
[2007.04.23 02:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.04.23 02:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.04.07 18:30:05 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.04.06 13:00:12 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\msssmsda.dat
[2006.10.06 19:53:33 | 000,299,008 | ---- | C] () -- C:\WINDOWS\Uninstall_tkexe.exe
[2006.10.06 19:52:59 | 000,000,018 | ---- | C] () -- C:\WINDOWS\sys386h.dat
[2006.10.06 19:52:31 | 000,000,032 | ---- | C] () -- C:\WINDOWS\weitere.INI
[2006.08.15 15:38:13 | 000,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2006.07.23 13:41:34 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006.05.18 21:11:28 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\uharc.exe
[2006.04.10 19:22:41 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2006.04.10 19:22:41 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2006.04.10 19:22:41 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2006.04.10 19:22:41 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2006.04.10 19:22:41 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2006.04.10 19:22:41 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2006.04.10 19:22:41 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2006.04.10 19:22:41 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2006.04.10 19:22:41 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2006.04.10 19:22:41 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2006.02.14 23:05:56 | 000,164,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\athsgt.sys
[2006.02.14 23:05:56 | 000,012,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\limsgt.sys
[2006.02.12 02:47:25 | 000,000,232 | ---- | C] () -- C:\WINDOWS\XIIIHooligans.ini
[2005.12.15 19:08:31 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
[2005.12.15 19:07:35 | 000,000,104 | ---- | C] () -- C:\WINDOWS\nTune.INI
[2005.12.15 19:07:33 | 000,000,113 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2005.11.24 22:03:06 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2005.11.24 22:03:06 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2005.11.24 22:03:06 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2005.11.24 22:03:06 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2005.11.24 22:03:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2005.11.20 22:18:44 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2005.11.19 15:46:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.11.19 10:29:55 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.11.17 21:37:22 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVStrap.sys
[2005.11.15 22:03:09 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005.11.14 20:13:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.11.14 20:13:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.11.14 20:13:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.11.14 20:13:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.11.14 20:13:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.11.14 20:13:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.11.14 20:12:52 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2005.11.14 20:12:36 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2005.11.14 18:58:43 | 000,121,344 | ---- | C] () -- C:\Dokumente und Einstellungen\Fish\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.11.14 18:54:43 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005.11.14 18:11:17 | 000,000,507 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005.11.13 16:15:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat [2005.11.13 16:10:48 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe [2005.11.11 01:15:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.11.11 01:13:44 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.11.10 21:50:54 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.11.10 21:13:28 | 000,140,204 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini [2005.11.10 20:58:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.11.10 20:05:48 | 000,009,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys [2005.11.10 19:33:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005.11.10 19:32:40 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe [2005.11.10 19:32:32 | 000,009,756 | ---- | C] () -- C:\WINDOWS\mozver.dat [2005.11.10 18:34:21 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005.11.10 18:34:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2005.11.10 18:19:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.11.10 18:15:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.07.05 15:25:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll [2004.07.05 15:24:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\wl.exe [2002.08.29 03:54:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002.02.13 08:00:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\midas.dll [2002.02.13 08:00:00 | 
000,119,808 | ---- | C] () -- C:\WINDOWS\System32\dbexpint.dll [2001.08.23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.18 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.18 14:00:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001.08.18 14:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.18 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.18 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001.08.18 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.18 14:00:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001.08.18 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.18 14:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.18 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001.08.18 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2007.10.03 13:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic [2010.02.04 18:23:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.05.25 17:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2009.07.15 20:08:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.02.08 20:46:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2011.01.13 18:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\ISDNWatch [2007.07.12 13:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.02.09 19:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2009.10.01 17:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.05.11 10:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.01.07 17:45:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2008.10.07 15:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2010.01.07 17:30:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2005.11.20 22:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Acronis [2006.01.04 12:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Ankh [2006.08.16 13:01:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Azureus [2010.03.06 20:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Canon Easy-WebPrint EX [2010.05.25 17:44:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\elsterformular [2008.07.01 16:59:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\eMule [2008.09.10 20:10:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\FarmingSimulator2008 [2007.12.23 15:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\flightgear.org [2011.03.28 09:27:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\FRITZ! 
[2011.01.13 18:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\FRITZ!fax für FRITZ!Box [2005.11.20 13:55:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Gearbox Software [2006.02.28 14:18:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\GlobalSCAPE [2009.07.15 19:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\ICQ [2006.01.15 16:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\ICQLite [2005.11.14 19:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\InterVideo [2010.02.09 19:33:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Nokia [2010.02.09 19:33:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Nokia Ovi Suite [2009.05.20 21:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Opera [2009.10.01 19:43:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\PC Suite [2006.08.02 22:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Pegasys Inc [2008.10.07 17:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\SuperAdBlocker.com [2006.04.18 21:31:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\ThumbsPlus [2010.06.06 14:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Thunderbird [2010.01.09 17:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\TmpRecentIcons [2010.01.20 20:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\Trillian [2005.11.14 19:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fish\Anwendungsdaten\TuneUp Software [2011.05.06 17:16:26 | 000,000,394 | ---- | M] () -- 
C:\WINDOWS\Tasks\1-Klick-Wartung.job [2011.05.11 10:08:28 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 < End of report > |
11.05.2011, 11:04 | #2 |
/// Malware-holic | Slow Internet and access-denied errors
1. Post all Malwarebytes logs, which you can find in Malwarebytes under log files.
2. Post the detections from your antivirus.
11.05.2011, 11:11 | #3 |
| Slow Internet and access-denied errors Here is my Norton log file:
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion
10.05.2011 15:20,Hoch,a0279944.exe (Trojan Horse) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
10.05.2011 15:20,Hoch,a0285157.exe (Downloader) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
10.05.2011 15:20,Hoch,a0279976.exe (Spyware.Keylogger) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
10.05.2011 10:53,Hoch,a0279314.exe (W32.Rixobot) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
10.05.2011 10:52,Hoch,a0270063.dll (Packed.Vuntid!gen3) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
10.05.2011 10:52,Hoch,a0270062.dll (Backdoor.Tidserv) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
10.05.2011 10:51,Gering,a0261205.exe (Adware.Gen) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
10.05.2011 10:51,Hoch,a0261206.exe (Downloader.Zlob!gen.3) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion
Edited by fish_samoht (11.05.2011 at 11:17) |
11.05.2011, 11:15 | #4 |
/// Malware-holic | Slow Internet and access-denied errors
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
11.05.2011, 11:45 | #5 |
| Slow Internet and access-denied errors ComboFix log file: Code:
ATTFilter ComboFix 11-05-10.02 - Fish 11.05.2011 12:31:22.1.1 - x86 ausgeführt von:: c:\dokumente und einstellungen\Fish\Desktop\ComboFix.exe . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Fish\WINDOWS c:\windows\SW_Win9423X24.DLL c:\windows\system32\logs c:\windows\system32\logs\svchost.log c:\windows\system32\midas.dll c:\windows\system32\paypal.url c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\winx.url c:\windows\system32\wl.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-11 bis 2011-05-11 )))))))))))))))))))))))))))))) . . 2011-05-11 09:59 . 2011-05-11 09:59 -------- d-----w- c:\programme\ESET 2011-05-11 08:47 . 2011-05-11 08:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2011-05-11 08:36 . 2011-05-11 08:36 -------- d-sh--w- c:\dokumente und einstellungen\Fish\PrivacIE 2011-05-11 08:29 . 2009-04-20 17:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll 2011-05-11 08:28 . 2011-02-11 14:44 236032 -c----w- c:\windows\system32\dllcache\fxscover.exe 2011-05-11 08:27 . 2011-02-22 23:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-05-11 08:27 . 2011-02-22 23:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-05-11 08:27 . 2011-02-22 23:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-05-11 08:25 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2011-05-11 08:25 . 2010-07-16 12:05 1288192 -c----w- c:\windows\system32\dllcache\ole32.dll 2011-05-11 08:25 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2011-05-11 08:24 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll 2011-05-11 08:24 . 2010-09-18 06:52 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll 2011-05-11 08:24 . 
2010-09-18 06:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2011-05-11 08:24 . 2010-06-18 17:44 293888 -c----w- c:\windows\system32\dllcache\winsrv.dll 2011-05-11 08:24 . 2010-07-27 06:34 257024 -c----w- c:\windows\system32\dllcache\infocomm.dll 2011-05-11 08:23 . 2010-06-30 20:38 375296 -c----w- c:\windows\system32\dllcache\asp51.dll 2011-05-11 08:23 . 2010-04-16 15:36 406016 -c----w- c:\windows\system32\dllcache\usp10.dll 2011-05-11 08:23 . 2010-03-30 10:24 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll 2011-05-11 08:23 . 2010-08-17 13:17 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe 2011-05-11 08:22 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2011-05-11 08:22 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2011-05-11 08:22 . 2010-03-05 14:37 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll 2011-05-11 08:21 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll 2011-05-11 08:21 . 2010-03-05 18:45 465920 -c----w- c:\windows\system32\dllcache\smtpsvc.dll 2011-05-11 08:20 . 2010-01-13 14:00 86528 -c----w- c:\windows\system32\dllcache\cabview.dll 2011-05-11 08:20 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll 2011-05-11 08:16 . 2011-05-11 08:16 -------- d-sh--w- c:\dokumente und einstellungen\Fish\IETldCache 2011-05-11 08:07 . 2010-09-16 10:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2011-05-11 08:07 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2011-05-11 08:07 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2011-05-11 08:07 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2011-05-11 08:07 . 2011-05-11 08:07 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools 2011-05-11 08:07 . 2011-05-11 08:10 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2011-05-11 08:05 . 
2011-05-11 08:06 -------- dc-h--w- c:\windows\ie8 2011-05-11 07:45 . 2011-05-11 07:45 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü 2011-05-10 21:40 . 2011-05-10 21:40 -------- d-----w- c:\dokumente und einstellungen\Fish\Anwendungsdaten\Avira 2011-05-10 21:37 . 2011-05-11 07:44 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-05-10 21:37 . 2011-05-11 07:44 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-05-10 21:37 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-05-10 21:37 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-05-10 21:37 . 2011-05-10 21:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2011-05-10 21:20 . 2011-05-10 21:20 -------- d-----w- c:\dokumente und einstellungen\Fish\Lokale Einstellungen\Anwendungsdaten\PackageAware 2011-05-10 10:27 . 2011-05-10 10:27 -------- d-----w- c:\dokumente und einstellungen\Fish\Anwendungsdaten\SUPERAntiSpyware.com 2011-05-10 10:27 . 2011-05-10 10:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2011-05-10 09:03 . 2011-05-10 21:04 -------- d-----w- c:\dokumente und einstellungen\Fish\Lokale Einstellungen\Anwendungsdaten\NPE 2011-05-09 21:09 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-09 21:09 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-05 13:31 . 2011-05-05 13:31 29184 ----a-w- c:\windows\system32\wiadegui.dll 2011-05-02 16:04 . 2010-08-18 11:18 98304 ----a-w- c:\windows\system32\DVM.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-07 05:33 . 2004-03-02 12:18 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:36 . 2003-01-14 11:18 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:53 . 
2002-08-29 01:23 1858048 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:05 . 2004-02-06 17:07 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:05 . 2002-08-29 01:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-02-22 23:05 . 2002-08-29 01:43 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 11:41 . 2005-11-13 10:54 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 16:24 . 2009-11-30 09:11 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-17 13:18 . 2002-08-28 23:59 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2001-08-18 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-15 12:56 . 2001-08-18 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2008-05-15 16:03 . 2005-11-10 17:32 67696 ----a-w- c:\programme\mozilla firefox\components\jar50.dll 2008-05-15 16:03 . 2005-11-10 17:32 54376 ----a-w- c:\programme\mozilla firefox\components\jsd3250.dll 2008-05-15 16:03 . 2006-10-26 18:27 34952 ----a-w- c:\programme\mozilla firefox\components\myspell.dll 2008-05-15 16:03 . 2006-10-26 18:28 46720 ----a-w- c:\programme\mozilla firefox\components\spellchk.dll 2008-05-15 16:03 . 2005-11-10 17:32 172144 ----a-w- c:\programme\mozilla firefox\components\xpinstal.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-12 8523776] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Fish\Startmen\Programme\Autostart\ atomzeit.lnk - e:\programme\Atomuhr\atomzeit.exe [2005-11-14 64000] . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\neuer ordner\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):6c,6f,6e,67,68,6f,72,6e,75,69,2e,65,78,65,00 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- e:\neuer ordner\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CoreCenter.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\CoreCenter.lnk backup=c:\windows\pss\CoreCenter.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DigiCell.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\DigiCell.lnk backup=c:\windows\pss\DigiCell.lnkCommon Startup . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2005-11-20 20:18 61440 ----a-w- c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis*True*Image Monitor] 2005-11-20 20:18 435304 ----a-w- e:\programme\Acronis\TrueImage\TrueImageMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2011-05-11 07:44 281768 ----a-w- e:\programme\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-03-24 02:00 1983816 ----a-w- c:\programme\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2005-11-08 22:00 128920 ----a-w- e:\programme\DAEMON Tools\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting] 2004-08-23 13:45 35528 ----a-w- c:\progra~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firebird] 2004-12-12 23:05 65536 ----a-w- e:\programme\Firebird\Firebird_1_5\bin\fbguard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2005-10-18 10:58 278528 ----a-w- e:\programme\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2007-11-12 05:51 8523776 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-11-12 05:51 81920 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] 2004-06-03 19:51 131072 ----a-w- c:\programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2009-11-11 09:57 1451520 ----a-w- e:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2005-11-14 17:11 155648 ----a-w- c:\programme\QuickTime\qttask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2005-06-20 20:42 77824 ----a-r- c:\windows\SOUNDMAN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP] 2006-05-24 18:31 1372160 ----a-w- c:\programme\TGTSoft\StyleXP\StyleXP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2006-02-09 18:13 180269 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer] 2005-08-17 21:50 293888 ----a-w- e:\programme\TuneUp Utilities 2006\MemOptimizer.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Steam"=e:\spiele\Steam\Steam.exe -silent "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "PC Suite Tray"="e:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "nwiz"=nwiz.exe /install "NVMixerTray"="c:\programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" "QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime "NeroFilterCheck"=c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe "NBKeyScan"="e:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "NokiaMServer"=c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "16768:TCP"= 16768:TCP:*:Disabled:BitComet 16768 TCP "16768:UDP"= 16768:UDP:*:Disabled:BitComet 16768 UDP . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [24.09.2010 15:57 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [24.09.2010 15:57 173104] R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [03.05.2011 14:13 802936] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [24.09.2010 15:57 501888] R1 SASDIFSV;SASDIFSV;e:\neuer ordner\sasdifsv.sys [17.02.2010 20:25 12872] R1 SASKUTIL;SASKUTIL;e:\neuer ordner\SASKUTIL.SYS [10.05.2010 20:41 67656] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [24.09.2010 15:57 116784] R2 AntiVirMailService;Avira AntiVir MailGuard;e:\programme\Avira\AntiVir Desktop\avmailc.exe [10.05.2011 23:37 339624] R2 AntiVirSchedulerService;Avira AntiVir Planer;e:\programme\Avira\AntiVir Desktop\sched.exe [10.05.2011 23:37 136360] R2 AntiVirWebService;Avira AntiVir WebGuard;e:\programme\Avira\AntiVir Desktop\avwebgrd.exe [10.05.2011 23:37 421032] R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [14.02.2006 23:05 164992] R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [14.01.2009 17:27 222968] R2 
limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [14.02.2006 23:05 12544]
R2 NIS;Norton Internet Security;e:\programme\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [24.09.2010 15:56 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\programme\Gemeinsame Dateien\PC Tools\sMonitor\StartManSvc.exe [11.05.2011 10:07 632792]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\PStrip.sys [09.11.2004 23:32 21968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [19.11.2010 16:31 1051968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10.05.2011 09:35 105592]
R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110509.001\IDSXpx86.sys [11.05.2011 09:51 341944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 08:24 10064]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [17.11.2005 21:37 3712]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 SABKUTIL;SABKUTIL;\??\e:\programme\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> e:\programme\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 atidgllk;atidgllk;e:\programme\ASUS\SmartDoctor\atidgllk.sys [20.10.2005 10:29 5376]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;e:\programme\Firebird\Firebird_1_5\bin\fbguard.exe -s --> e:\programme\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;e:\programme\Firebird\Firebird_1_5\bin\fbserver.exe -s --> e:\programme\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 PCAlertDriver;PCAlertDriver;e:\programme\MSI\Core Center\NTGLM7X.SYS [17.12.2005 16:20 21728]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [24.11.2005 22:04 31872]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
*Deregistered* - mchInjDrv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-06 c:\windows\Tasks\1-Klick-Wartung.job
- e:\programme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 03:08]
.
2011-05-11 c:\windows\Tasks\RMSchedule.job
- e:\programme\Registry Mechanic\RegMech.exe [2011-05-11 11:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = local
IE: in/mit BitSpirit runterladen - e:\programme\BitSpirit\bsurl.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: e:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: {24EC6FB6-9A70-485C-88F5-43D6BFA19F83} = 192.168.178.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Fish\Anwendungsdaten\Mozilla\Firefox\Profiles\daregc96.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-ICQ Lite - e:\programme\ICQLite\ICQLite.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-PCSuiteTrayApplication - e:\programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre1.5.0_05\bin\jusched.exe
MSConfigStartUp-WinampAgent - e:\programme\Winamp\winampa.exe
AddRemove-Convert Image To PDF_is1 - e:\programme\Softinterface
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-11 12:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"e:\programme\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"e:\programme\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1400)
e:\programme\TuneUp Utilities 2006\WinStylerThemeHelper.dll
e:\neuer ordner\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1520)
e:\programme\TuneUp Utilities 2006\WinStylerThemeHelper.dll
.
Zeit der Fertigstellung: 2011-05-11 12:43:20
ComboFix-quarantined-files.txt 2011-05-11 10:43
.
Vor Suchlauf: 10 Verzeichnis(se), 15.909.433.344 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 15.854.575.616 Bytes frei
.
- - End Of File - - F5AA9BDC07EC56B6819FD5D06A45B662 |
11.05.2011, 14:47 | #6 |
/// Malware-holic | Slow Internet and access-denied errors