|
Mein ICQ macht sich selbständig! gleiches pronlem: http://www.trojaner-board.de/85015-m...urm-alarm.html ...gestern diesen blöden link geöffnet! weiß nicht inwiefern mein lappi da infiziert is...kann mir jemand bitte helfen??? |
Malwarebytes' Anti-Malware 1.45 http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html Datenbank Version: 4007 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 19.04.2010 20:52:51 mbam-log-2010-04-19 (20-52-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 253446 Laufzeit: 2 Stunde(n), 20 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update manager (Backdoor.IRCBot) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Public\winsvcn.exe (Backdoor.IRCBot) -> Delete on reboot. |
hat nen bissel gedauert ... wie schauts aus, was muss ich machen? |
OTL logfile created on: 19.04.2010 21:02:11 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Angie\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 36,58 Gb Free Space | 25,39% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE-PC Current User Name: Angie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Angie\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Angie\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://www.meinvz.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 20:14:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 17:35:30 | 000,000,000 | ---D | M] [2009.02.24 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Extensions [2010.04.19 10:37:37 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\ftb972wf.default\extensions [2009.08.09 23:58:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\ftb972wf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.08 17:01:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\ftb972wf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.07.22 17:58:02 | 000,000,000 | ---D | M] -- C:\Users\Angie\AppData\Roaming\mozilla\Firefox\Profiles\ftb972wf.default\extensions\moveplayer@movenetworks.com [2010.04.13 18:34:38 | 000,000,950 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\ftb972wf.default\searchplugins\icqplugin-1.xml [2010.03.15 13:48:13 | 000,000,950 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\ftb972wf.default\searchplugins\icqplugin-2.xml [2010.04.04 20:14:19 | 000,000,950 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\ftb972wf.default\searchplugins\icqplugin-3.xml [2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\ftb972wf.default\searchplugins\icqplugin.gif [2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\ftb972wf.default\searchplugins\icqplugin.src [2010.03.12 11:34:20 | 000,000,955 | ---- | M] () -- C:\Users\Angie\AppData\Roaming\Mozilla\FireFox\Profiles\ftb972wf.default\searchplugins\icqplugin.xml [2010.01.19 17:38:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.19 17:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.09.15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll [2010.03.15 13:40:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.15 13:40:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.15 13:40:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.15 13:40:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.15 13:40:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Angie\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.19 18:12:24 | 000,000,000 | ---D | C] -- C:\Users\Angie\AppData\Roaming\Malwarebytes [2010.04.19 18:12:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.19 18:11:54 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.19 18:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.19 18:11:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.14 22:08:07 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 22:08:07 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 22:08:04 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 22:07:58 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.14 22:07:58 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.03.31 21:23:51 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.03.31 21:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.03.31 21:17:53 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.03.31 21:13:47 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.03.31 11:23:20 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.03.31 11:23:19 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.03.31 11:23:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.03.31 11:23:18 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll ========== Files - Modified Within 30 Days ========== [2010.04.19 21:01:46 | 003,145,728 | -HS- | M] () -- C:\Users\Angie\ntuser.dat [2010.04.19 20:57:16 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.19 20:57:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.19 20:57:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.19 20:57:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.19 20:57:02 | 3353,788,416 | -HS- | M] () -- C:\hiberfil.sys [2010.04.19 20:56:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.04.19 20:56:18 | 000,524,288 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.19 20:56:18 | 000,065,536 | -HS- | M] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.19 20:56:17 | 002,427,461 | -H-- | M] () -- C:\Users\Angie\AppData\Local\IconCache.db [2010.04.19 18:12:09 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.18 15:29:10 | 000,225,098 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.18 15:29:10 | 000,123,164 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.18 15:29:10 | 000,056,098 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.18 15:29:10 | 000,040,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.18 15:29:10 | 000,026,528 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.14 22:54:13 | 000,199,966 | ---- | M] () -- C:\Users\Angie\Documents\wir_sortieren_muell.pdf [2010.04.14 17:35:30 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2010.04.06 22:53:43 | 000,470,477 | ---- | M] () -- C:\Users\Angie\Documents\Kandinsky-Lebenslauf.pdf [2010.03.31 21:25:16 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.03.31 21:18:24 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010.04.19 18:12:09 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.14 22:54:13 | 000,199,966 | ---- | C] () -- C:\Users\Angie\Documents\wir_sortieren_muell.pdf [2010.03.31 21:25:16 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.03.31 21:18:24 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2009.12.17 23:12:42 | 000,000,409 | ---- | C] () -- C:\Users\Angie\Dokumente - Verknüpfung.lnk [2009.10.20 20:16:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.31 23:00:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.08.31 23:00:59 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.08.09 18:53:38 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll [2009.02.25 02:13:34 | 000,000,020 | -HS- | C] () -- C:\Users\Angie\ntuser.ini [2009.02.25 02:13:32 | 000,524,288 | -HS- | C] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.02.25 02:13:32 | 000,524,288 | -HS- | C] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.02.25 02:13:32 | 000,262,144 | -H-- | C] () -- C:\Users\Angie\ntuser.dat.LOG1 [2009.02.25 02:13:32 | 000,065,536 | -HS- | C] () -- C:\Users\Angie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.02.25 02:13:32 | 000,000,000 | -H-- | C] () -- C:\Users\Angie\ntuser.dat.LOG2 [2009.02.25 02:13:31 | 003,145,728 | -HS- | C] () -- C:\Users\Angie\ntuser.dat [2009.02.24 20:39:07 | 000,083,968 | ---- | C] () -- C:\Users\Angie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.10 05:14:45 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.12.10 05:14:45 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.12.10 04:51:08 | 000,002,714 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.12.10 04:30:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.12.10 04:30:37 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > OTL Extras logfile created on: 19.04.2010 21:02:11 - Run 1 OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Angie\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 36,58 Gb Free Space | 25,39% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANGIE-PC Current User Name: Angie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EFEF347-0B68-4263-A8C2-167E78778F99}" = lport=138 | protocol=17 | dir=in | app=system | "{0F0F4908-307D-4648-B854-CB604B7A8BB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3154797B-0D29-4C7B-A66D-DBE21EA876CF}" = lport=445 | protocol=6 | dir=in | app=system | "{4210E49A-DB4D-4B88-A5D1-226A445D4F20}" = rport=139 | protocol=6 | dir=out | app=system | "{47556A29-817C-4857-A99F-69CA5BA6A1EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4D501BB3-4FB3-472C-8ED1-59D7FFBA156A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5BFFCC92-EBF2-4AC6-8BD7-D4D08972AA99}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5F60337D-A21A-4989-899B-B1F1DBD1710C}" = rport=138 | protocol=17 | dir=out | app=system | "{66687B5C-379C-4A27-959A-36D10BEF7A34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6C1FF578-DBFF-47F5-9A44-55FE11CA636E}" = rport=137 | protocol=17 | dir=out | app=system | "{707AF49E-24E4-49BB-B8DB-423C869C5A87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9158F5EA-733C-4183-B5ED-4F9E0A274C6A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{99395CD6-17A8-425D-9B71-4DB2AB2BC8AE}" = rport=445 | protocol=6 | dir=out | app=system | "{B00DA5E8-FAAB-483D-B25E-F7632D76F4B6}" = lport=2869 | protocol=6 | dir=in | app=system | "{B9DE7B00-B76E-44BC-A84F-72736A56CF5C}" = lport=137 | protocol=17 | dir=in | app=system | "{C015BE96-3A44-4712-80F8-8DFBF6C9B407}" = lport=139 | protocol=6 | dir=in | app=system | "{D325BF95-97B2-4D2B-B6E1-D9F6AA462F86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D4A0E734-C05F-49C1-8BD8-B3CB1AE657C5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E7A5E461-4508-4101-9D24-FBA24A7266F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{EFDF50B3-BEF1-4650-A022-DCBA030294FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FB075601-E202-430D-BD27-E7BC30CD2D7E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D97462A-4DC3-4F23-8AFB-929D83910B9C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{152EC929-53BD-49AC-AEF8-403B7FF4B231}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{18D8AF2E-2F86-49CF-AF50-91F94361E29F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{1E963A0C-95D5-4565-84D2-6AD6A687F6B5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{24481B03-46D3-4A3E-857A-4A6AE53CC407}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{27C65E1D-532B-4132-8D66-32EE979C7E5E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{30C3AF77-FC71-48E9-BACC-9BBA71E06F46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3AD4E780-D2FC-45CC-8C3C-1B3ABEB56069}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4732E464-5013-4C91-AFEC-0892C516B5E4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{55C98F29-A93E-478E-BFEC-CBA9E73C5B9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{602AB144-EE2D-4342-AEEE-819542EC439D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{6DF0C90E-8793-417D-89AB-1038F5DC00BD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{6E48D38D-1986-4E27-BBA7-CE0E296680D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6E5BC954-3782-4197-A176-FEF637EFABE3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{7411D45E-55BE-42C9-907C-08CBD8D3F642}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8494C408-2DE3-4653-804D-65C5862438FF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{8D8D4997-5572-4D2D-87E0-765CC29EAD1E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{8F5182B6-6320-4012-B342-725BF9032D1C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{985865F3-C379-436F-B31B-C4399F7F8B7A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{99567126-7DE9-4066-8801-5D8725A3B669}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A079488A-AE9E-4324-B54D-7D610A9FD8D8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{AB22EBA2-6DF0-42D3-8AF5-840126DFE8E3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{B0FC9A4B-8BB0-4DFF-829D-71B1790595E8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{B1072987-E709-4110-895E-43B716F11D66}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{B31C6224-E00D-4E53-B211-1855367A9136}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{BB23C3A8-ABD6-4D5A-928C-21312BCF2656}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{C28D2343-1B65-41B6-990B-62BCE3A5DB38}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C604C359-B437-45C8-B379-E36BD0674F1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{C8B213D3-FCFA-4808-9282-37C5BA401359}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D7F76B17-449B-4831-956F-63F404B21291}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E1BFB0D9-5D6B-4DA9-9C10-B45D0DFA8A59}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F09F8499-F753-4375-9502-B884E9F06C35}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{FE85238D-83A8-42BF-AB42-54C40FA472AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{DAF8D083-F08E-4FD3-888F-F3659EACA778}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{AB5D5C81-6D58-4830-8097-6C67D82FE3DD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{035ED630-CD5A-170B-C723-7D3975E14CD6}" = CCC Help Italian "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{073C822A-3B33-D269-37C7-635C238E53AC}" = Catalyst Control Center Localization Polish "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0EC85B2E-5F72-B7F6-7C2B-BE68F5A3325E}" = CCC Help English "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{148A4916-9CAE-9A65-E3D4-13AF550FB718}" = CCC Help Norwegian "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{17BC8ED4-356E-A916-82E9-6CE3813A0D8A}" = Catalyst Control Center Graphics Full Existing "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{231F1242-35FB-4A1F-8E93-600BCE767941}" = Samsung Mobility Panel "{2517CAE7-021A-6724-448D-058E8B490CED}" = CCC Help French "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2769D19E-EFE3-8528-A0F1-F1CFEFBFA00A}" = Catalyst Control Center Localization Norwegian "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29CEA792-6EAC-4B7F-073E-AC875CDA52D9}" = CCC Help Thai "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3A284CD1-FD1D-3CC5-5453-0F7D54CF6C73}" = CCC Help Turkish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D9F5B9D-9F36-A008-BAEC-CFD34F148473}" = ATI Catalyst Install Manager "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42BFCDE1-6564-0A38-6F28-E8AEE81B8F04}" = Catalyst Control Center Localization Greek "{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software "{4C9CC077-601E-2C91-FA8F-547E88E15FD1}" = CCC Help Danish "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4CE975F1-D54F-E047-1975-B63EF6B2C42A}" = CCC Help Russian "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50EF1669-0EF3-5BD2-6C67-B92FD3B3C80C}" = CCC Help Japanese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53480060-85DE-4F43-9AFE-6E9D8FB8F2C1}" = O&O SafeErase "{5522BA88-841B-3298-F228-D5ACBC087423}" = Catalyst Control Center Localization Swedish "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5A5E1D67-52D6-8767-D02C-88C8C19862CD}" = Catalyst Control Center Localization Dutch "{5BC38BD0-8F31-34AC-3875-3D19B158D2ED}" = Catalyst Control Center Localization Finnish "{5CCD890F-C9CD-B85A-5C31-A4582BA780E1}" = ccc-utility "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6219FDFB-D0E3-5ECB-022B-7D5CE2B50DD6}" = CCC Help Finnish "{65C729B4-DA4C-3988-0B38-829B3F95A75A}" = Catalyst Control Center Localization Portuguese "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{68BFE2BF-C6AE-0D0F-7EF0-C19A4C649203}" = CCC Help Spanish "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A239DFD-249A-DDDA-484A-5A046BB29465}" = CCC Help Portuguese "{6D94DA09-DEF3-9EF7-D898-F1C97C34F9EF}" = CCC Help Korean "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{6FBCF7BB-BBF0-6BB8-40EA-B0A0C90E6316}" = Skins "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{72393226-892B-68C8-21C6-3143ED4F863F}" = Catalyst Control Center Localization Korean "{735105FD-05BC-4B99-525D-C775F42A9A06}" = Catalyst Control Center Core Implementation "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7986B74C-EE93-70BE-FCCF-86AD42D5B84E}" = CCC Help Czech "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8B26A8AF-8244-D0B5-2543-2CA246E71DB2}" = Catalyst Control Center Localization Chinese Traditional "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90D1E40E-8CC1-B37C-9029-C1FDD50EA15C}" = Catalyst Control Center Localization Spanish "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{921CA2C6-F07D-E7E3-1B61-335BDC390CB9}" = Catalyst Control Center Localization Danish "{927D70C9-60D5-9E8E-C034-A039E6A061AB}" = CCC Help Dutch "{94326847-F1D6-604A-E4C4-A048916E4A5C}" = Catalyst Control Center Localization Turkish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9692E466-E68A-8005-F101-BB47791ECCDF}" = Catalyst Control Center Localization Russian "{992CD0F2-C0A9-F53A-335E-A436A321792D}" = Catalyst Control Center Graphics Full New "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E62B059-B0C6-9D7F-969B-E25ABF08A3C8}" = Catalyst Control Center Localization French "{A258280F-131D-E187-62B5-9D6A3317742D}" = Catalyst Control Center Localization Japanese "{A2EDDF40-A923-7E74-A6B6-B8EEBD66D18D}" = CCC Help Chinese Standard "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B632422A-A9A6-77F6-19D9-EB4616A03C10}" = Catalyst Control Center Graphics Light "{B69D6E3C-BEFD-0581-4BE5-DFD89ECCFC46}" = Catalyst Control Center Localization Italian "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BDE81949-C0E8-238B-2ACC-E10EDCC3B243}" = CCC Help Polish "{C3B233DC-0CA2-3740-4EBC-AA138573751A}" = Catalyst Control Center Localization German "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3008D96-86EB-7713-AAFD-E435D8F3A059}" = ccc-core-static "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{D9872610-D0CF-DA80-1FE7-773E11EF3F85}" = CCC Help Chinese Traditional "{DE52F223-E4BD-D900-4CCB-EB060883FD96}" = Catalyst Control Center Localization Czech "{E05BD952-C7B4-0AF8-4F82-BF51D25D9DE4}" = CCC Help German "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5419254-D801-17E4-FD02-492D78177C7E}" = Catalyst Control Center Localization Hungarian "{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver "{EBCD08C0-81F9-6614-EE3D-0760C594B39E}" = CCC Help Hungarian "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0581D83-9155-B015-B395-0258EBDA2D5B}" = Catalyst Control Center Graphics Previews Vista "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F37CB741-A570-D403-300B-25F682D33F8A}" = CCC Help Swedish "{F5594F78-6B67-85DB-AD30-2F2BCAAD509D}" = Catalyst Control Center Localization Chinese Standard "{F64B9D07-14D4-4DC6-9C34-D28F0C644F9A}" = Catalyst Control Center - Branding "{F83EE0F9-A36D-0AFF-59F1-6D69852E4371}" = CCC Help Greek "{F8413786-48E7-FA4F-474A-CF573131140D}" = Catalyst Control Center InstallProxy "{F886EE71-F8C5-1C35-2AC0-C2288C429C0E}" = Catalyst Control Center Localization Thai "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung "Canon Setup Utility 2.3" = Canon Setup Utility 2.3 "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "ENTERPRISE" = Microsoft Office Enterprise 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM "Picasa 3" = Picasa 3 "PROHYBRIDR" = 2007 Microsoft Office system "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 0.9.8a "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.04.2010 09:50:22 | Computer Name = Angie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1092 Error - 01.04.2010 09:50:23 | Computer Name = Angie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.04.2010 09:50:23 | Computer Name = Angie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2465 Error - 01.04.2010 09:50:23 | Computer Name = Angie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2465 Error - 01.04.2010 14:03:57 | Computer Name = Angie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.04.2010 14:03:57 | Computer Name = Angie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15216228 Error - 01.04.2010 14:03:57 | Computer Name = Angie-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15216228 Error - 01.04.2010 14:14:16 | Computer Name = Angie-PC | Source = EventSystem | ID = 4621 Description = Error - 01.04.2010 18:16:55 | Computer Name = Angie-PC | Source = WinMgmt | ID = 10 Description = Error - 01.04.2010 18:17:44 | Computer Name = Angie-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 0x472258c9, fehlerhaftes Modul SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 0x472258c9, Ausnahmecode 0xc0000409, Fehleroffset 0x00028ffc, Prozess-ID 0x8ac, Anwendungsstartzeit 01cad1e8e93e291f. [ System Events ] Error - 18.04.2010 11:01:15 | Computer Name = Angie-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 18.04.2010 um 16:58:49 unerwartet heruntergefahren. Error - 18.04.2010 11:02:34 | Computer Name = Angie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 18.04.2010 11:02:45 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2010 04:22:54 | Computer Name = Angie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.04.2010 04:22:59 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2010 11:09:25 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7000 Description = Error - 19.04.2010 11:10:29 | Computer Name = Angie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.04.2010 11:13:25 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7022 Description = Error - 19.04.2010 14:58:32 | Computer Name = Angie-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.04.2010 14:58:47 | Computer Name = Angie-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code: :OTLDas Logfilemüsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. |
All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully. C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Angie ->Temp folder emptied: 297012324 bytes ->Temporary Internet Files folder emptied: 93652168 bytes ->Java cache emptied: 58334993 bytes ->FireFox cache emptied: 37084995 bytes ->Flash cache emptied: 178127 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 59020598 bytes RecycleBin emptied: 275 bytes Total Files Cleaned = 520,00 mb OTL by OldTimer - Version 3.2.1.3 log created on 04202010_002727 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
Schön. Dann mach jetzt mal nen Durchgang mit CF bitte: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! |
ComboFix 10-04-19.04 - Angie 20.04.2010 15:48:08.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3197.2442 [GMT 2:00] ausgeführt von:: c:\users\Angie\Desktop\cofi.exe.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-3490820709-1942061592-308988738-500 c:\$recycle.bin\S-1-5-21-3618412015-3330846604-3295358060-500 . ((((((((((((((((((((((( Dateien erstellt von 2010-03-20 bis 2010-04-20 )))))))))))))))))))))))))))))) . 2010-04-19 22:27 . 2010-04-19 22:27 -------- d-----w- C:\_OTL 2010-04-19 16:12 . 2010-04-19 16:12 -------- d-----w- c:\users\Angie\AppData\Roaming\Malwarebytes 2010-04-19 16:12 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-19 16:11 . 2010-04-19 16:11 -------- d-----w- c:\programdata\Malwarebytes 2010-04-19 16:11 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-19 16:11 . 2010-04-19 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-14 20:08 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 20:08 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 20:08 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 20:08 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-14 20:08 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-14 20:08 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 20:07 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-14 20:07 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-14 20:07 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-14 15:43 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 15:43 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-03-31 19:23 . 2010-03-31 19:23 -------- d-----w- c:\program files\iPod 2010-03-31 19:23 . 2010-03-31 19:25 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-03-31 19:17 . 2010-03-31 19:18 -------- d-----w- c:\program files\QuickTime 2010-03-31 19:13 . 2010-03-31 19:13 -------- d-----w- c:\program files\Bonjour 2010-03-31 19:07 . 2010-03-31 19:07 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-31 09:23 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll 2010-03-31 09:23 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-20 13:43 . 2008-12-10 19:48 12 ----a-w- c:\windows\bthservsdp.dat 2010-04-20 08:30 . 2009-02-24 18:05 -------- d-----w- c:\users\Angie\AppData\Roaming\ICQ 2010-04-19 22:27 . 2010-01-19 15:37 -------- d-----w- c:\program files\ICQ6Toolbar 2010-04-18 13:29 . 2008-12-10 02:40 40032 ----a-w- c:\windows\system32\perfc007.dat 2010-04-18 13:29 . 2008-12-10 02:40 123164 ----a-w- c:\windows\system32\perfh007.dat 2010-04-15 08:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-15 07:57 . 2008-12-10 03:23 -------- d-----w- c:\programdata\Microsoft Help 2010-03-31 19:25 . 2009-12-24 19:55 -------- d-----w- c:\program files\iTunes 2010-03-31 19:23 . 2009-12-24 19:50 -------- d-----w- c:\program files\Common Files\Apple 2010-03-31 18:10 . 2010-01-19 15:37 -------- d-----w- c:\program files\ICQ7.0 2010-02-24 17:04 . 2009-02-25 00:16 101608 ----a-w- c:\users\Angie\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 08:16 . 2009-10-03 10:59 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-20 23:06 . 2010-03-11 06:00 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-11 06:00 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-11 06:00 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-12 10:32 . 2010-03-09 07:50 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-09 14:48 . 2009-09-09 18:32 939 ----a-w- c:\windows\system32\dmlg.dat 2010-01-25 12:00 . 2010-02-24 16:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 16:43 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 16:43 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 16:43 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 16:43 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 16:43 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 16:43 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 16:43 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-24 16:43 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26 . 2010-02-24 16:43 2048 ----a-w- c:\windows\system32\tzres.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):e9,5b,58,6e,b8,51,ca,01 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-09 721904] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-06-08 36608] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-12-10 13312] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072] S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-08-28 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-01-27 21:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe FF - ProfilePath - c:\users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\ftb972wf.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.meinvz.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q= FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\ftb972wf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-04-20 15:57 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-04-20 16:01:37 ComboFix-quarantined-files.txt 2010-04-20 14:01 Vor Suchlauf: 7 Verzeichnis(se), 39.979.843.584 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 39.930.376.192 Bytes frei - - End Of File - - A6DC57B5FD315FCDCE02612410503BFB |
irgendwie lief das bei mir anders als in der anleitung.... startete sofort und ich konnt überhaupt nichts einstellen! ich hoffe da is jetzt nichts schief gelaufen....!? |
oh hatte denccleaner vergessen ... ComboFix 10-04-19.05 - Angie 20.04.2010 16:13:33.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3197.2169 [GMT 2:00] ausgeführt von:: c:\users\Angie\Desktop\cofi.exe.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-03-20 bis 2010-04-20 )))))))))))))))))))))))))))))) . 2010-04-20 14:22 . 2010-04-20 14:22 -------- d-----w- c:\users\Angie\AppData\Local\temp 2010-04-20 14:22 . 2010-04-20 14:22 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-04-20 14:22 . 2010-04-20 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-20 14:06 . 2010-04-20 14:06 -------- d-----w- c:\program files\CCleaner 2010-04-20 13:42 . 2010-04-20 14:01 -------- d-----w- C:\cofi.exe 2010-04-19 22:27 . 2010-04-19 22:27 -------- d-----w- C:\_OTL 2010-04-19 16:12 . 2010-04-19 16:12 -------- d-----w- c:\users\Angie\AppData\Roaming\Malwarebytes 2010-04-19 16:12 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-19 16:11 . 2010-04-19 16:11 -------- d-----w- c:\programdata\Malwarebytes 2010-04-19 16:11 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-19 16:11 . 2010-04-19 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-14 20:08 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-14 20:08 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-14 20:08 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-14 20:08 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-14 20:08 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-14 20:08 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-04-14 20:07 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-14 20:07 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-14 20:07 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-14 15:43 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 15:43 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-03-31 19:23 . 2010-03-31 19:23 -------- d-----w- c:\program files\iPod 2010-03-31 19:23 . 2010-03-31 19:25 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-03-31 19:17 . 2010-03-31 19:18 -------- d-----w- c:\program files\QuickTime 2010-03-31 19:13 . 2010-03-31 19:13 -------- d-----w- c:\program files\Bonjour 2010-03-31 19:07 . 2010-03-31 19:07 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe 2010-03-31 09:23 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll 2010-03-31 09:23 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-20 13:43 . 2008-12-10 19:48 12 ----a-w- c:\windows\bthservsdp.dat 2010-04-20 08:30 . 2009-02-24 18:05 -------- d-----w- c:\users\Angie\AppData\Roaming\ICQ 2010-04-19 22:27 . 2010-01-19 15:37 -------- d-----w- c:\program files\ICQ6Toolbar 2010-04-18 13:29 . 2008-12-10 02:40 40032 ----a-w- c:\windows\system32\perfc007.dat 2010-04-18 13:29 . 2008-12-10 02:40 123164 ----a-w- c:\windows\system32\perfh007.dat 2010-04-15 08:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-15 07:57 . 2008-12-10 03:23 -------- d-----w- c:\programdata\Microsoft Help 2010-03-31 19:25 . 2009-12-24 19:55 -------- d-----w- c:\program files\iTunes 2010-03-31 19:23 . 2009-12-24 19:50 -------- d-----w- c:\program files\Common Files\Apple 2010-03-31 18:10 . 2010-01-19 15:37 -------- d-----w- c:\program files\ICQ7.0 2010-02-24 17:04 . 2009-02-25 00:16 101608 ----a-w- c:\users\Angie\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 08:16 . 2009-10-03 10:59 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-20 23:06 . 2010-03-11 06:00 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-11 06:00 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-11 06:00 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-12 10:32 . 2010-03-09 07:50 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-09 14:48 . 2009-09-09 18:32 939 ----a-w- c:\windows\system32\dmlg.dat 2010-01-25 12:00 . 2010-02-24 16:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 16:43 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 16:43 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 16:43 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 16:43 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 16:43 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 16:43 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 16:43 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-24 16:43 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26 . 2010-02-24 16:43 2048 ----a-w- c:\windows\system32\tzres.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-03-28 133368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352] "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):e9,5b,58,6e,b8,51,ca,01 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-09 721904] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-06-08 36608] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-12-10 13312] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072] S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-08-28 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-01-27 21:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe FF - ProfilePath - c:\users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\ftb972wf.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.meinvz.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q= FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\ftb972wf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-04-20 16:22 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2520) c:\windows\system32\btmmhook.dll . Zeit der Fertigstellung: 2010-04-20 16:27:53 ComboFix-quarantined-files.txt 2010-04-20 14:27 ComboFix2.txt 2010-04-20 14:01 Vor Suchlauf: 11 Verzeichnis(se), 40.593.977.344 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 40.564.281.344 Bytes frei - - End Of File - - DEF02EB433CCAF9D351F9B16F888D100 |
Nein, ist schon alles ok ;) Sieht auch ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! |
ich kann nichts mehr öffnen ohne ne fehlermeldung zu bekommen...irgendnen registrierungsschlüssel bla bla....:( |
Ist das erst nach Combofix so? :eek: |
ja....was bedeutet das jetzt? |
Hast Du den Rechner schonmal neugestartet? |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 11:09 Uhr. |
Copyright ©2000-2025, Trojaner-Board