| |
| |||||||
Log-Analyse und Auswertung: Virus- laut Antivir KaziWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
28.04.2011, 18:41
| #1 |
 |  Virus- laut Antivir Kazi Hallo ihr, ich hab inzwischen alles gemacht. Ich hab des mit Otl gemacht. Bei Extras.txt steht:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 4/28/2011 7:21:05 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julia
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 73.45 Gb Free Space | 73.45% Space Free | Partition Type: NTFS
Drive D: | 188.07 Gb Total Space | 187.86 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
Computer Name: JULIA-PC | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2651A51A-4EA2-4DF6-9F0D-43DDA7D2D6B1}" = ebi.BookReader3J
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B288A23-A385-BA17-E1DA-5F3E9AFA2F45}" = Internet Radio
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FF322B3-EDF0-49B9-97D1-29FED212800F}" = InternetRadioHelper
"{54A9A9E1-8C4C-44FE-AA6B-182EA1E779FD}" = Hercules WiFi Station N
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = LivCam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007
"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{342281AF-B7FE-4999-BE64-29F7D6249970}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2007
"{90120000-0017-0413-0000-0000000FF1CE}_OMUI.nl-nl_{2E9BD56A-2290-46DA-869F-2EDCF0A24E8B}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nl-nl_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nl-nl_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.nl-nl_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.nl-nl_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_OMUI.nl-nl_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007
"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2007
"{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007
"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007
"{90120000-0101-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"AsusInternetRadio.FE3DA72B022E78FEBEB750602F72A2E5E345080B.1" = Internet Radio
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Calculator_is1" = Calculator
"Eee Docking Touch_is1" = Eee Docking Touch 3.8.1
"FotoFun_is1" = FotoFun_3.3.0.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano
"OMUI.nl-nl" = Microsoft Office Language Pack 2007 - Dutch/Nederlands
"PenWrite_is1" = PenWrite v1.9.20.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Touch Gate_is1" = Touch Gate 1.0.2.2
"TouchAPUninstaller" = 2DoorWay TouchSuite
"USB2.0 UVC WebCam " = USB2.0 UVC WebCam
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/19/2011 1:28:22 PM | Computer Name = Julia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: Flash10c.ocx, Version: 10.0.32.18,
Zeitstempel: 0x4a613d79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002268b3 ID des fehlerhaften
Prozesses: 0x4f8 Startzeit der fehlerhaften Anwendung: 0x01cbe65affb12a1e Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash10c.ocx Berichtskennung:
499f0aa7-524e-11e0-86f3-cf528d8f291e
Error - 3/28/2011 10:24:47 AM | Computer Name = Julia-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 179c Startzeit: 01cbed53912a1dd7 Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 3/28/2011 10:26:46 AM | Computer Name = Julia-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1518 Startzeit: 01cbed53e3e0326e Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 3/29/2011 6:16:28 AM | Computer Name = Julia-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: e34 Startzeit: 01cbedf9fce19cd3 Endzeit: 62 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 3/29/2011 6:42:04 AM | Computer Name = Julia-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 15e4 Startzeit: 01cbedfdb491e20e Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 3/29/2011 6:43:34 AM | Computer Name = Julia-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 488 Startzeit: 01cbedfdf129fa14 Endzeit: 0 Anwendungspfad: C:\Program
Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 4/6/2011 3:20:32 PM | Computer Name = Julia-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1324 Startzeit: 01cbf4871272e552 Endzeit: 47 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 4/9/2011 7:11:37 AM | Computer Name = Julia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: mshtml.dll, Version: 8.0.7600.16722,
Zeitstempel: 0x4d0c44e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d9093 ID des fehlerhaften
Prozesses: 0x108c Startzeit der fehlerhaften Anwendung: 0x01cbf6a0ee3502d4 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 22ce7fb9-629a-11e0-a6a0-c00dc952d62a
Error - 4/9/2011 12:31:13 PM | Computer Name = Julia-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Julia\AppData\Local\Temp\RarSFX1\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/10/2011 11:39:45 AM | Computer Name = Julia-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 11fc Startzeit: 01cbf7952f6bfbbf Endzeit: 62 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
[ OSession Events ]
Error - 8/6/2010 10:18:34 PM | Computer Name = Julia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11/8/2010 9:37:41 AM | Computer Name = Julia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/6/2010 8:12:29 AM | Computer Name = Julia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
bei Otl.txt steht:OTL Logfile: Code:
ATTFilter OTL logfile created on: 4/28/2011 7:21:05 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julia Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 73.45 Gb Free Space | 73.45% Space Free | Partition Type: NTFS Drive D: | 188.07 Gb Total Space | 187.86 Gb Free Space | 99.89% Space Free | Partition Type: NTFS Computer Name: JULIA-PC | User Name: Julia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Julia\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\HerculesWiFiService.exe (Guillemot Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\ASUS\Eee Docking Touch\Eee Docking Touch.exe () PRC - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () PRC - C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek) PRC - C:\Program Files\asus\2DoorWayTouchSuite\AsusUacSvc.exe () PRC - C:\Program Files\ASUS\TouchHomeKey\TouchHomeKey.exe () PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\XSManager\WTGService.exe () PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Julia\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (HerculesWiFi) -- C:\windows\System32\\HerculesWiFiService.exe () SRV - (AsusUacSvc) -- C:\Program Files\asus\2DoorWayTouchSuite\AsusUacSvc.exe () SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe () SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUS WebStorage] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Eee Docking Touch] C:\Program Files\ASUS\Eee Docking Touch\Eee Docking Touch.exe () O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek) O4 - HKLM..\Run: [LiveUpdate] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PenWrite] C:\Program Files\ASUS\PenWrite\PenWrite.exe () O4 - HKLM..\Run: [starter4g] File not found O4 - HKLM..\Run: [SuperHybridEngine] File not found O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [TouchHomeKey] C:\Program Files\asus\TouchHomeKey\TouchHomeKey.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\windows\system32\ShellTrayDll.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2150f1d3-3fdc-11df-80cb-1c4bd6073675}\Shell - "" = AutoRun O33 - MountPoints2\{2150f1d3-3fdc-11df-80cb-1c4bd6073675}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/28 19:10:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Julia\OTL.exe [2011/04/28 17:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011/04/28 17:30:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/04/28 17:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011/04/28 17:20:27 | 000,000,000 | -H-D | C] -- C:\Users\Julia\AppData\Roaming\Malwarebytes [2011/04/28 17:19:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/04/28 17:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/04/28 17:19:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011/04/28 17:19:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/04/28 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/04/28 10:49:27 | 000,000,000 | -H-D | C] -- C:\Users\Julia\AppData\Roaming\Avira [2011/04/27 23:09:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe [2011/04/27 23:09:18 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll [2011/04/27 23:09:18 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys [2011/04/27 23:09:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe [2011/04/27 23:09:06 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2011/04/27 23:09:03 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2011/04/15 15:40:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll [2011/04/15 15:40:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll [2011/04/15 15:40:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe [2011/04/15 15:40:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2011/04/15 15:40:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2011/04/15 15:40:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2011/04/15 15:40:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2011/04/15 15:40:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2011/04/15 15:40:08 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2011/04/15 15:40:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2011/04/15 15:40:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2011/04/15 15:40:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2011/04/15 15:40:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2011/04/15 15:40:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2011/04/15 15:40:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2011/04/15 15:40:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2011/04/15 15:36:35 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2011/04/15 15:36:33 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe [2011/04/15 15:36:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2011/04/15 15:36:26 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll [2011/04/15 15:36:26 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll [2011/04/09 18:32:26 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2011/04/09 18:32:23 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2011/04/09 18:32:23 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2011/04/09 18:32:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira [2011/04/09 18:32:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Avira [2011/04/01 15:02:43 | 000,000,000 | -H-D | C] -- C:\.jagex_cache_32 [2009/10/06 15:08:27 | 000,013,880 | -H-- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys [1 C:\Users\Julia\Documents\*.tmp files -> C:\Users\Julia\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/28 19:26:44 | 000,000,160 | ---- | M] () -- C:\Users\Julia\.bat [2011/04/28 19:11:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/28 19:11:52 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/28 19:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\OTL.exe [2011/04/28 19:02:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/04/28 19:02:07 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys [2011/04/28 17:30:48 | 000,001,216 | -H-- | M] () -- C:\Users\Julia\Desktop\Spybot - Search & Destroy.lnk [2011/04/28 17:08:51 | 000,377,260 | -H-- | M] () -- C:\Users\Julia\Desktop\Load.exe [2011/04/28 11:13:24 | 000,000,392 | -H-- | M] () -- C:\ProgramData\28630792 [2011/04/28 11:09:04 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~28630792 [2011/04/28 11:09:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~28630792r [2011/04/24 18:52:35 | 000,663,842 | -H-- | M] () -- C:\windows\System32\perfh007.dat [2011/04/24 18:52:35 | 000,624,292 | -H-- | M] () -- C:\windows\System32\perfh009.dat [2011/04/24 18:52:35 | 000,135,078 | -H-- | M] () -- C:\windows\System32\perfc007.dat [2011/04/24 18:52:35 | 000,110,276 | -H-- | M] () -- C:\windows\System32\perfc009.dat [2011/04/18 18:11:09 | 000,333,384 | -H-- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/04/15 17:33:01 | 000,000,034 | -H-- | M] () -- C:\Users\Julia\jagex_runescape_preferences.dat [2011/04/15 17:33:00 | 000,000,129 | -H-- | M] () -- C:\Users\Julia\jagex_runescape_preferences2.dat [2011/04/05 20:53:23 | 000,099,458 | -H-- | M] () -- C:\Users\Julia\Documents\Imma.pdf [1 C:\Users\Julia\Documents\*.tmp files -> C:\Users\Julia\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/04/28 17:30:48 | 000,001,216 | -H-- | C] () -- C:\Users\Julia\Desktop\Spybot - Search & Destroy.lnk [2011/04/28 17:08:49 | 000,377,260 | -H-- | C] () -- C:\Users\Julia\Desktop\Load.exe [2011/04/28 11:09:02 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~28630792 [2011/04/28 11:09:02 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~28630792r [2011/04/28 11:08:18 | 000,000,392 | -H-- | C] () -- C:\ProgramData\28630792 [2011/04/05 20:53:23 | 000,099,458 | -H-- | C] () -- C:\Users\Julia\Documents\Imma.pdf [2011/04/01 15:04:09 | 000,000,129 | -H-- | C] () -- C:\Users\Julia\jagex_runescape_preferences2.dat [2011/04/01 15:02:50 | 000,000,034 | -H-- | C] () -- C:\Users\Julia\jagex_runescape_preferences.dat [2011/02/10 02:41:01 | 000,007,607 | -H-- | C] () -- C:\Users\Julia\AppData\Local\Resmon.ResmonCfg [2011/01/18 20:27:31 | 000,001,940 | -H-- | C] () -- C:\Users\Julia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/06/17 23:57:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/01/16 03:58:43 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe [2010/01/16 03:53:46 | 000,011,448 | -H-- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2010/01/16 03:53:39 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini [2010/01/16 03:26:49 | 000,013,931 | -H-- | C] () -- C:\windows\System32\RaCoInst.dat [2009/12/31 05:48:36 | 000,163,840 | -H-- | C] () -- C:\windows\System32\SM37XCoInst.dll [2009/10/26 05:38:22 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config [2009/07/27 00:01:28 | 000,663,842 | -H-- | C] () -- C:\windows\System32\perfh007.dat [2009/07/27 00:01:28 | 000,295,922 | -H-- | C] () -- C:\windows\System32\perfi007.dat [2009/07/27 00:01:28 | 000,135,078 | -H-- | C] () -- C:\windows\System32\perfc007.dat [2009/07/27 00:01:28 | 000,038,104 | -H-- | C] () -- C:\windows\System32\perfd007.dat [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,333,384 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,624,292 | -H-- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,110,276 | -H-- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2010/04/05 00:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Julia\AppData\Roaming\Asus [2010/01/16 04:03:46 | 000,000,000 | -H-D | M] -- C:\Users\Julia\AppData\Roaming\ASUS WebStorage [2011/04/27 23:23:56 | 000,000,000 | -H-D | M] -- C:\Users\Julia\AppData\Roaming\ICQ [2010/04/04 21:58:57 | 000,000,000 | -H-D | M] -- C:\Users\Julia\AppData\Roaming\TouchGate2Doorway [2010/06/19 18:38:02 | 000,000,000 | -H-D | M] -- C:\Users\Julia\AppData\Roaming\XSManager [2011/04/01 20:18:59 | 000,032,640 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und des mit der anti malware hab ich auch gemacht da steht: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6465 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 28.04.2011 18:55:35 mbam-log-2011-04-28 (18-55-35).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 144571 Laufzeit: 5 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 1 Infizierte Dateien: 6 Infizierte Speicherprozesse: c:\programdata\ltubjrjrdevvad.exe (Trojan.FakeAlert) -> 3556 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LtuBJrJRDEvvaD (Trojan.FakeAlert) -> Value: LtuBJrJRDEvvaD -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: c:\Users\Julia\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully. Infizierte Dateien: c:\programdata\ltubjrjrdevvad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Julia\AppData\Local\Temp\Low\adobe_flash_player.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Julia\AppData\Local\Temp\Low\tmp1D02.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Julia\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\Julia\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\Julia\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. ich hoffe des hilft, damit ihr mir helfen könnt. es ist übrigens windows 7 danke schon mal lg julia |
|
30.04.2011, 02:56
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Virus- laut Antivir KaziZitat:
 Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
|
30.04.2011, 20:00
| #3 | |
| | Virus- laut Antivir Kazi ok so hier jetzt der log von dem vollscan:
__________________Zitat:
|
|
01.05.2011, 14:15
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus- laut Antivir Kazi Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2150f1d3-3fdc-11df-80cb-1c4bd6073675}\Shell - "" = AutoRun
O33 - MountPoints2\{2150f1d3-3fdc-11df-80cb-1c4bd6073675}\Shell\AutoRun\command - "" = E:\autorun.exe
[2011/04/28 11:13:24 | 000,000,392 | -H-- | M] () -- C:\ProgramData\28630792
[2011/04/28 11:09:04 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~28630792
[2011/04/28 11:09:02 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~28630792r
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.05.2011, 16:59
| #5 | |
| | Virus- laut Antivir Kazi so hier der log: Zitat:
|
|
01.05.2011, 18:52
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus- laut Antivir Kazi Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> Virus- laut Antivir Kazi |
|
01.05.2011, 19:40
| #7 | |
| | Virus- laut Antivir Kazi das is der log von dem kaspersky tool: Zitat:
ok, die unhide.exe ist jetzt 2 mal gelaufen (als Administrator ausgeführt) und meine desktop icons und mein startmenü sind immer noch leer ok, nochmal ein neues update zu dem startmenü. ich hab jetzt ordner da drin z.b. microsoft office, aber wenn ich des dann aufmache, dann ist kein word drin oder excel. wenn ich aber über die suche, word suche, findet er dokumente und die funktionieren dann auch ganz normal. also word geht schon noch. |
|
02.05.2011, 11:04
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus- laut Antivir Kazi Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 09:10
| #9 |
| | Virus- laut Antivir Kazi log vom combofix: Combofix Logfile: Code:
ATTFilter ComboFix 11-05-02.04 - Julia 03.05.2011 9:51.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2038.1302 [GMT 2:00]
ausgeführt von:: c:\users\Julia\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Julia\OTL.exe
c:\windows\system32\service
c:\windows\system32\service\04042010_TIS17_SfFniAU.log
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-03 bis 2011-05-03 ))))))))))))))))))))))))))))))
.
.
2011-05-03 08:01 . 2011-05-03 08:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-03 07:41 . 2011-05-03 07:41 -------- d-----w- c:\program files\CCleaner
2011-05-02 20:42 . 2011-05-02 20:43 -------- d-----w- c:\programdata\Skype Extras
2011-05-02 20:42 . 2011-05-02 20:42 -------- d-----w- c:\program files\Common Files\Skype
2011-05-02 20:41 . 2011-05-02 20:42 -------- d-----r- c:\program files\Skype
2011-05-01 15:48 . 2011-05-01 15:48 -------- d-----w- C:\_OTL
2011-04-28 17:26 . 2011-04-28 17:26 160 ----a-w- c:\users\Julia\.bat
2011-04-28 15:30 . 2011-05-01 15:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-28 15:30 . 2011-04-30 17:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-28 15:20 . 2011-04-28 15:20 -------- d-----w- c:\users\Julia\AppData\Roaming\Malwarebytes
2011-04-28 15:19 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 15:19 . 2011-04-28 15:19 -------- d-----w- c:\programdata\Malwarebytes
2011-04-28 15:19 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 15:19 . 2011-04-28 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-28 08:49 . 2011-04-28 08:49 -------- d-----w- c:\users\Julia\AppData\Roaming\Avira
2011-04-15 13:40 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 13:36 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 13:36 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 13:36 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 13:36 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 13:36 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 13:36 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 13:36 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 13:36 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 13:36 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 13:36 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-09 16:32 . 2011-03-04 14:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-09 16:32 . 2011-03-04 12:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-09 16:32 . 2011-04-09 16:32 -------- d-----w- c:\programdata\Avira
2011-04-09 16:32 . 2011-04-09 16:32 -------- d-----w- c:\program files\Avira
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 05:33 . 2011-03-09 21:15 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 21:15 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 21:15 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 23:30 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Eee Docking Touch"="c:\program files\ASUS\Eee Docking Touch\Eee Docking Touch.exe" [2009-12-30 414896]
"TouchHomeKey"="c:\program files\asus\TouchHomeKey\TouchHomeKey.exe" [2009-08-13 248496]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-16 3058304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"PenWrite"="c:\program files\ASUS\PenWrite\PenWrite.exe" [2010-01-19 543920]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-16 2018032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\2DoorWayTouchSuite\AsusUacSvc.exe [2009-10-16 28848]
S2 HerculesWiFi;HerculesWiFi;c:\windows\system32\\HerculesWiFiService.exe [2010-11-17 53544]
S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2009-06-22 304592]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 603240]
S3 usbsmi;USB2.0 UVC WebCam ;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-12-25 181760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SuperHybridEngine - AsusSender.exe
HKLM-Run-LiveUpdate - AsusSender.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-starter4g - c:\windows\starter4g.exe
AddRemove-USB2.0 UVC WebCam - c:\windows\system32\RemoveSM37X.exe USB\VID_13D3&PID_5111&MI_00 USB\VID_13D3&PID_5115&MI_00 USB\VID_13D3&PID_5126&MI_00 USB\VID_13D3&PID_5116&MI_00
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03 10:08:17
ComboFix-quarantined-files.txt 2011-05-03 08:08
.
Vor Suchlauf: 10 Verzeichnis(se), 78.597.206.016 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 78.740.140.032 Bytes frei
.
- - End Of File - - EBD22D507646353C70565EE29B26E73C
|
|
03.05.2011, 10:49
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus- laut Antivir Kazi Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 12:12
| #11 |
| | Virus- laut Antivir Kazi GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15572 - hxxp://www.gmer.net
Rootkit scan 2011-05-03 13:05:10
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PB3O
Running: 7mmm3tct.exe; Driver: C:\Users\Julia\AppData\Local\Temp\ugloypod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82244589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82269092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\Julia\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!UnhookWindowsHookEx 7606CC7B 5 Bytes JMP 65E783A2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!CallNextHookEx 7606CC8F 5 Bytes JMP 65E59D94 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!CreateWindowExW 76070E51 5 Bytes JMP 65E68197 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!SetWindowsHookExW 7607210A 5 Bytes JMP 65E1463B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!DialogBoxIndirectParamW 76094AA7 5 Bytes JMP 65F8FED8 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!DialogBoxParamW 7609564A 5 Bytes JMP 65D84BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!DialogBoxParamA 760ACF6A 5 Bytes JMP 65F8FE75 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!DialogBoxIndirectParamA 760AD29C 5 Bytes JMP 65F8FF3B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!MessageBoxIndirectA 760BE8C9 5 Bytes JMP 65F8FE0A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!MessageBoxIndirectW 760BE9C3 5 Bytes JMP 65F8FD9F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!MessageBoxExA 760BEA29 5 Bytes JMP 65F8FD3D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] USER32.dll!MessageBoxExW 760BEA4D 5 Bytes JMP 65F8FCDB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ole32.dll!OleLoadFromStream 75C35BF6 5 Bytes JMP 65F9022B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ole32.dll!CoCreateInstance 75C8590C 5 Bytes JMP 65E68C85 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ws2_32.DLL!closesocket 77803BED 5 Bytes JMP 6DACEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ws2_32.DLL!socket 77803F00 5 Bytes JMP 6DACE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ws2_32.DLL!recv 778047DF 5 Bytes JMP 6DACF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ws2_32.DLL!connect 778048BE 5 Bytes JMP 6DACE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ws2_32.DLL!getaddrinfo 77806737 5 Bytes JMP 6DACE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1624] ws2_32.DLL!send 7780C4C8 5 Bytes JMP 6DACE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!CreateWindowExW 76070E51 5 Bytes JMP 65E68197 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxIndirectParamW 76094AA7 5 Bytes JMP 65F8FED8 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxParamW 7609564A 5 Bytes JMP 65D84BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxParamA 760ACF6A 5 Bytes JMP 65F8FE75 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!DialogBoxIndirectParamA 760AD29C 5 Bytes JMP 65F8FF3B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxIndirectA 760BE8C9 5 Bytes JMP 65F8FE0A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxIndirectW 760BE9C3 5 Bytes JMP 65F8FD9F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxExA 760BEA29 5 Bytes JMP 65F8FD3D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3248] USER32.dll!MessageBoxExW 760BEA4D 5 Bytes JMP 65F8FCDB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000114 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ???p?z???&???p????????????????????????????`??q????????????$??p??????????????*6to4mp??????&???o?????????????????????????????????????????????????????????????????#????????????????????@FirewallAPI.dll,-23501??????????????????????????&???p???????????????????????????&??????????????????????????????tunnel????????L??p?????????n????.NTx86?FF-???|???|???&??????????????????????????????????????? ???m???????????????????t??Auto?????&???????????????????????????????????????????????????????o???p????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23505???????@FirewallAPI.dll,-23506??????????????????????????????????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P????????????????????-????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@Firewall
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route ?????????????????????? ??????{???e??????????tunnel??????*6to4mp??B??volsnap.inf:MSFT.NTx86:volume_snapshot_install:6.1.7600.16385:storage\volumesnapshot????volume_snapshot_install?????.NTx86????????????????????????.?????????????storage\volumesnapshot??????????ap??????????????????????????????????Microsoft???????Mi??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????6.1.7600.16385????????????????????????????????:?????????????????????????????????????USB\VID_1C9E&PID_9603&REV_0000&MI_02?USB\VID_1C9E&PID_9603&MI_02????????Monitor?????????????volsnap.inf:MSFT.NTx86:volume_snapshot_install:6.1.7600.16385:storage\volumesnapshot????????????????????{4d36e96d-e325-11ce-bfc1-08002be10318}\0000?????{36fc9e60-c465-11cf-8056-444553540000}??????????????????????????????????????????????????????????????????????????????USB\Class_ff&SubClass_ff&Prot_ff?USB\Class_ff&SubClass_ff?USB\Class_ff??????6to4mp.ndi???????????????h????????m????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export ???t?????{??11????????????????:??t????????h??????????????????????u???????????????y?????????????g???????t????????????? ?????????????t??????????V?????????&????????????????????5??? ???????t??????????????????????????????????? ???????t???????????????????????????????????????t??? ???????t???????????t????????<????? ??????????????????????????e?????????????????????????e??????????????????????????????? ???????o???????????s??????????b???????????Root\*6TO4MP\0092???11?psh????????????????????????6??t????????h?????system32\drivers\MSTEE.sys????????^??t?????????e????Microsoft Streaming Tee/Sink-to-Sink Converter???????t?t?t?t?t?t?t??????????????p???Net?e????????????????????%??\SystemRoot\system32\DRIVERS\msdsm.sys?-Pa?????*????????????????????? ???????o???????????t??????????L???????????? ???????t??????????????????????????+??????????????????????0DB?????t???t???t??ende??? ???????????????????t?,????????????&???????????????????????? ???p??????????????0.0.0.0?DC???????????????t??????et??? ???g??????????????????????????????s??????
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d92697
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6073675
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ?????????????????????????????????????????}????$??o??????????????Root\*6TO4MP\0088?????????????????????6??o????????h?????@%SystemRoot%\system32\clfs.sys,-100????????????????????*6to4mp?????SCSI CDROM Class????@%SystemRoot%\system32\clfs.sys,-101???????????????g?7??????????????????????t???????FA??System32\CLFS.sys????????o??????p???????????????????????????????????????????????????????Net??????????y???????????????????????????????????????????????????????????n???????z???{???????????~???????????????????????q?????????????p?z??Net???????X???????????????????????????????J??o?????????n?????? ??p??????????????????????????????????????????????? ??????tu???????????o?o?o?o?o??? 6??o???0??????s9??USBSTOR\CdRom?USBSTOR\RAW??58c???????7??? ???????n???????????n????????4??????????????????????????????????????????????3??????TD??????? ???????n???????????n????????4?????????????????0???????????????????????????? ?????n???o???o???o????? ???????n???????????n????????4?????????????????????????????????????????????????? ???????p???????????n?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????????LAN-Verbindung* 178?nd???????????n??????????????????????????text????? ???????????????????????????????????????????????????????t??{9B28CA8F-77FE-493B-9E78-216E5E2E3F3E}??????WDC WD25 00BB-00RDA0 USB Device?????????*6to4mp??????????????8???????????? ??????1????c37E??int?A}??????????????????Typ??????????????????n?|?????????????????????????k???.???????.??ROOT\*6TO4MP\0162??????????????????d?????????????8??????????nettun.inf???????????????????????????????0???????????f??????????????????? ??????????????????6to4mp.ndi??????? ????????????????????????"?????????????????????????????????????????????? .??????B?????\De????N????????????D?????????????j???e??????????????????????????udfs?4????????????????8???????????????????? ? *???????????????????????????.?????????????? p???????????????????????????????????????,?????????????????????*6to4mp??s??Microsoft????????????????f???????????-??????05????$??????E??????????????????????????????????????????????????? ?????????????????????5???????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????????????????????????????????????A??????"????????????????????????????????????????}???t??????????????in???????????B??TCPIP6TUNNEL?Tcpip6??1??? ???????i??????{0??????????? ?????????????????????1????????????????????? ?????????????????????1????????????????????? ??????????????????6to4mp.ndi???????????????1??????????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{290F24A3-F8FD-485C-967A-793F66A890AC}] SEQPACKET 43????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????13??????? ?????????????????????1???????????????????????????????????????????????????????? ???? ???????9??????n-??6.1.7600.16385?AE3??Microsoft-6zu4-Adapter??????????????????? ?????????????????????1????????????????????? ?????????????????????1???????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ????????????????????t???????????????????????60????P??t?????????e????{71a27cdd-812a-11d0-bec7-08002be2092f}??????{71a27cdd-812a-11d0-bec7-08002be2092f}\0002??0????N???????????D?? ????????????????????????????????t??????4?g?????????l??????p????????????????????????}??????????????????????? l??n???????????????????l???????????????l???????6???l?l???????????????????????l?&??????????@%systemroot%\system32\browser.dll,-102?????????11??in???????t???l?l?l???l?m?l???????z???z??? ???????l???????????k?-??????????????????????s?????????????????????????? ???????l?????????????-?????????????????f??? ???????l?????l???????1??L????????? ??????????????l???l???l?????????????l??????????????? ???????l?????l???????1????????????&???????????????????????? ???????l?????l???????1?????????????????????l?l????? ???????l???????????j?1?????????????????????????g???????????????l?????????????l????? ???????l?????l???????1????????????????????? ???????l???????????j?1????????????????????5&26a294bf&0?7??? ??????????????x??????????l????? ???????l?????l???
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????????????????????p??6_??.NT?B5???????????-??????78??Microsoft???? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????????????2??6E???????????????2??-8??Microsoft????????????n???????e??????T_??????????USB?????? ???????8?????A98??6-21-2006???? ?????????????????????1????????????????????????????????????????????????????? ?????????????????????1?????????????????????????????????????D??}???????e\??? ???????r??????nT??6.1.7600.16778?E2A??????????????????????? ?????????????????????1????????????????????? ?????????????????????1?????????????????????????????S??_T???????????B??-F??6.1.7600.16778?357???????????v??s\??? 0?????????????????????@usbstor.inf,%generic.mfg%;Kompatibles USB-Speicherger?t?_????B??????_??????????usb\class_08&subclass_06&prot_50?i??? ?????????????????????1????????????????????? ?????????????????????1????????B????????????????????????????0??BB????B??????6??}???usb\class_08&subclass_06&prot_50?i??? ?????????????????????1???????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????????}???????????????????3???????????i???6???????|?|????????????????????????????????6.1.7600.16385???4????$??l???5???-??WAN Miniport (IP)????????????????4??????????????????????? ???????k?????l?????k?-??????????3??????????1????N??l?????????D????? ???????l???????????k?-????????N???????00????*??l???o?? (?????????????????????????l?&??????????????????????????????????? h??k???2?????2?2????h??????/?g?0???????????????????l?l???????????????????s?????l?l? ??ROOT\VOLMGR??????????????????????l?l?l????????????????????m?????? ???????k?????l?????k?-??????????4?????????????ms_pptpminiport?????? ???????l???????????k?-????????X????????????????l???5???????????j?????????????l?&???????i??????s???????????????????????????????? ???l?l??????????????h??????.?g?.???l?m???????l?&????:??????3?g?6???g?f?h?j?k?k?l?l?k?l?l???????k??????????{4d36e972-e325-11ce-bfc1-08002be10318}\0006??????????}???l?l?????????????z??{71a27cdd-812a-11d0-bec7-08002be2092f}\0005???????h??l?????g?????????????z???????????1???????????????????????l?l?????????k?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Bind ??????????????????????????????`?????????????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}?? ???et???????????B???????????u??????????11????????:??????7??90??0000.001d.0007.001.000.000.000.000.000??????????????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}\0005?2N??@volsnap.inf,%msft%;Microsoft???{533c5b84-ec70-11d2-9505-00c04f79deaf}???????????&??????????????????????????????? ??????????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}?ecu????<???????????????????????????N??????E?????D51??????????????????????????????????????int?el????N????????????D????????????11??????16???????????????????????????????????????e????????????????????????N?????????????????? ???????_?????l?7???????????????????????????????????????????????????????????e???????????????????????????????????j???-??sA??????????????????????????el???????????????????????????????????????????0??????????????????? ????????????????????X??????????t??? P??????A?????dap??????????????????????? ???????u?????u?u????X??????n???????????????????????????????????????v?????spi????N
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Route ????????????t???????????????????????????E7??? ??,???????????x???? p?????????????????????????????????F}???????????B????N??????M?????Dft??????????????????OT??????ce???????2??????????????????????????????????nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?}???????????????????????????e??????nettun.inf??9-??????????????????????mp??????z?????????????????????N??????C?????D-B??{4d36e972-e325-11ce-bfc1-08002be10318}????????:????????g? ??????????@nettun.inf,%6to4mp.displayname%;Microsoft-6zu4-Adapter?????{4d36e972-e325-11ce-bfc1-08002be10318}\0119?????????????????????*6to4mp?????????????????????????????be??????be????(??????????????????e??*6to4mp?????@nettun.inf,%msft%;Microsoft????? ???????????????????????????????e?????????????????s?????????????????????????????????????????????????i??????{4d36e972-e325-11ce-bfc1-08002be10318}???????????i??????s???????????{4d36e972-e325-11ce-bfc1-08002be10318}???????g?h?j?j????????????1d??????????????N?????????????????????????z??????h??????{4d36e972-e325-11ce-bfc1-08002be103
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ????????????????????????????? ???????g??oem9.inf:Atheros.NTX86.6.1:ATHR_DEV_OS61_10891A3B.ndi:8.0.0.238:pci\ven_168c&dev_002b&subsys_10891a3b?????P??????F??t ???????????????????????????????????u??????????????????????????Microsoft-6zu4-Adapter #18?2E-??????????????????oem8.inf?????????????????????????????0??BT????Z?????????????????????? ??????????????????.N??????????????????machine.inf?????????in??usbport.inf???????????????????????$LAN-Verbindung* 29???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????4Microsoft-6zu4-Adapter #21????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Bind ?????f?????????????????????????????????????s?????????????????z????????????????????????????8???????????????????N????????????????????????????????????????????????????????????s????@nettun.inf,%msft%;Microsoft?????Z?i???j???z?z???????????m???????????????????????{?{??????????????????????N????????????D??????:????????g?????????????????????????????????????????????????????????????????????????????????????????????????????U??? ????????????????z??????????x???????????????????????????z???u???k???o??????????Microsoft???????????????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{7A595DED-E63C-4A4D-8E4B-60EABFFF0322}] SEQPACKET 116???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{91F99339-4358-401D-9F0
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Route ????????????????? ???????l?????l?k??? "?????????????s???11??????6.1.7600.16385??????????????? ??????????????????????????????????????*6to4mp?ta???????????????e???????b??nettun.inf??????6.1.7600.16385??????TCPIP6TUNNEL?Tcpip6?????6to4mp.ndi????????X??????n???????? ?????????????ndis5_ip6_tunnel?%???????????u?????d?????????????A?????e 2??ROOT\*6TO4MP\0124???Typ??????????????????h??? ???????Z?????????????1????????????&???????????????????????? ?????????????????????1??????*?(??? ????????????????????e???????????????????????_????????????(?????????????LAN-Verbindung* 131?????????????? ?????????????????????????????? ???????????????? ????????????????????????????????????????????????????????c?????\\?\Root#*6TO4MP#0145#{cac88484-7515-4c03-82e6-71a87abac361}??????$??????T????????????N??????4?????D2E??????os??t???*6to4mp?t????????????D??????????PnPMonitor.Install?unn???????????????????????????????????e??????????????????????????? ??}???????????????int???????N??????0????D?4 ??????????? ?????????????????????1???????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Linkage@Export ?????????????????B??????????????????????????????s????????????????????????????m???????}???????????? ?????????????2.0.5.3??????????????????????????????????0???????3???????????????????????s??????????t?????????????????c??????????????t???k????(??????z??????Modem Configuration???????x?????????????oem35.inf:Models:Modem2:2.0.5.3:usb\vid_1c9e&pid_9603&mi_02?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????5.????????????????????"?????????????Mobile Connector????????ct??????????????????????????????????????5.??????????????????????????????????Modem2??????????m2??????????????????????????????????.NT?????????.N????????????????????8?????????????usb\vid_1c9e&pid_9603&mi_02?????????_0????????????????????"?????????????Mobile Connector????????ct????????????????????F?????????????modemui.dll,ModemPropPagesProvider??????????er??????????????????????????????????????????????????????????????????Modem Configuration????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Bind ?????s???????????????????????z???????u????????????????????m???????(??????????t????????????????????????????????????&LAN-Verbindung* 110??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????6Microsoft-6zu4-Adapter #100???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Route ????????????????????tunnel???8??? ?????????????????????1??????????I?&???????????????????????? ???????@????????????????????$?N???????????TCPIP6TUNNEL?Tcpip6?????Microsoft-6zu4-Adapter??????????????????????{0EF72952-D177-49C2-92F9-E74C49A5BABA}??????*6to4mp?t????????????B??nettun.inf???e???????????9??????? ???????????????????????????????????h????$?????????????????*6to4mp?t???Typ???????????????????????????????.??????????????????????????}??????????????????????????????????????????6.1.7600.16385??????????????????????6to4mp.ndi?D9}???????????????????????????????? ??????f???e???? ?????????????tunnel??????????????????????????????? ?????????????????????1??????*?(??? ???????????????????????????????LAN-Verbindung* 133?6_???????????s???????????????????d????????????$?????????????????ROOT\*6TO4MP\0119??????????????????d????????????????????????? ??????????????????????????????<??????ios??? ??????????????????????????????????????????? ?????????????????????????????? ????????????????? ???????????c?????Netzwerkadresse?RO??? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\Smb\Linkage@Export ????????????T"????N??????R??????????????????????????????????????Microsoft???11???????????????????????????"??????FB??{4d36e972-e325-11ce-bfc1-08002be10318}???????????d???????e??? ???k??? ???????0??nettun.inf:Microsoft.NTx86:6to4mp.ndi:6.1.7600.16385:*6to4mp?C??????????????????????????????????????????????????nettun.inf???????????????????????????????????4??6to4mp.ndi?1-0??????mp???????????C??P6???????????8??2C??*6to4mp?-B??????*6??????????????\???????????????????Microsoft???????Mi???????????A??85???????????-??81??????????? ???????B??????x?????z??????????????????h???3???????????????1??????6.1.7600.16385??$???Microsoft-6zu4-Adapter???????????????a??di??nettun.inf?cro??????nf??????????????????? ???u??? ??????????????????????????6-21-2006???????????????????????????????????????????????@nettun.inf,%msft%;Microsoft??????N????????????D????????????????????Rasl2tp??1??@nettun.inf,%msft%;Microsoft????????????????????X???X???????????????????????????????????????????? ?????sS ???????????????????????????4??????2??????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Bind ????????????? ?????????????????????-?????????????????f????N??????B?????D22??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?ice??? ???????1?????????????,????????$?O?<???????????????????????????????MS??? ?????????????????????,????????z?????#CB-??????#?????$??????6???????}??Root\*6TO4MP\0076??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Route ?????????????????????????????????????????????????????????????????e???????????????????l???????????????k??*6to4mp??????????????????????i??? ?????????????????????1????????????&????????????????????;??? ?????????????????????1????????z???????????? ?????????????????????1??????????????????????????????????N??????_????Dl??????<???????????h??????? ????????????e?????????????B????????????~??????l??23???????????-??????-A???????????????e??*6to4mp?????Netzwerkadresse?? ??????????????#????n?z????????????????????ndis5_ip6_tunnel????????????????????????????????????????l???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4D19DD9F-59FA-4B17-8863-C823BE8CC24C}] SEQPACKET 95????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????l??????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Linkage@Export ?????????t?t???t?????????????????????????d????????????N??????d??????????TCPIP6TUNNEL?Tcpip6?????\\?\Root#*6TO4MP#0088#{cac88484-7515-4c03-82e6-71a87abac361}?3????$??????}???????R??*6to4mp??????????????t??????? ?????????????????????1??L????????? ???????}????????????????????0??????????????????????d????????????*??????????d???nettun.inf??????????#???? 0?????????????????volume_snapshot_install?????? ???{???????????????????~???????????????????@??????????????? ??????????????????? ??????????????????6.1.7600.16385????????.??????<??????????storage\volumesnapshot?<?<??????????????????????? :?????????????????? 0?????????????????????????????? ?????????????????????5?????????????????????????????????????????????????????????????????????????????????????????????}??? ?????????????????????,??????????????#?????? ?????????????????????1????????????????????6to4mp.ndi???e??????????????????????????#???????????#????(N???????????????????????????????N?????????D????????????_??????????{00000000-0000-0000-0000-000000000000}??????}??????????
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind ????????????!??????????????????y?????????????????????????????????????)?????????-?:??????????????????????????11??????? ??????????????????Internal????????Intel(R) Graphics Media Accelerator 3150??????@??????????????2??HIDClass?????????p???????????e?????????????U?????????????????@???????????#????e??9?????????????????IMB??NetCfgx.dll,NetPropPageProvider??????????????????h??????????Network adapters?2??????IntcAzAudModel???????????????e??????????????????????????????.NTx86??Pr???0?@????11??????? ???????h???????n????????????T???????????c??????????????????????????????????????4??????-D??1????????????????????????????????e???????????9???????9??? ??????????????e???????????????????1???????WPD??;???????????????????????9??????????????????????????????????????????????????????????????????????????????????8?????B?h????~??????????????C:\Users\Public\Recorded TV\* /s?????-?-* ??????????????????????????????????????????????????????????CurrentControlSet\Control\Session Manager\PendingFileRenameOperations2??????CurrentControlSet\Contr
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route ?????????????????????F?F?I???????'??????e???Root\*6TO4MP\0152???Processor????????????????-????????c??????I?I?I???????????i???????????????u???h???-?.?-???????????????,???'??V2.0|Action=Block|Dir=In|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_In_Block|Desc=Network rules for inbound traffic to AxInstSV|??????V2.0|Action=Allow|Dir=Out|Protocol=6|app=%windir%\System32\svchost.exe|Svc=AxInstSV|Name=AxInstSV_Out_Allow|Desc=Network rules for outbound TCP traffic from AxInstSV|??????? ???????'?????'??????????????????????????????s?????? ???????'????????????????????????????????s?????? ???????'????????????????????,?F??? ???????????????????????????????????%SystemRoot%\System32\wbiosrvc.dll??????? ???????'?????'?????'????*????????????????t????? ??????????????e???? ???????'???????????'????????&? ???????????????s????? ??'?????????????n????? ???????'???????????'?,??????,?F??? ???????????????????????????????????? F??'??????????????%SystemRoot%\System32\AxInstSV.dll??????? ???????'???????????'????????(????????
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export ???/?/??Net???????\??0???????????????0??rspndr?t?/??\\?\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}&{97EBAACB-95BD-11D0-A3EA-00A0C9223196}????????0???3??????????Net??~???/???????/??Net?"{????N??/???/??????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? `??0???????????????/?0?/?0?/?/????????6????????????L????`??/??????????????????x86 Family 6 Model 28 Stepping 10, GenuineIntel????????????????????s????bowser??s???? ???????????????? ????,??????(??????????a???????/???????????e?????0?&???0???0??????????????? ???????/???????????.?,??????(???????????????????????????????????????????????????????????"??0???????????????????/??????????????System?1?1??Link-Layer Topology Discovery Mapper I/O Driver??0??? ???????????????????0?-????????N????????????0?0?%?????0?&??{8ECC055D-047F-11D1-A537-0000F8753ED1}?acy???0?0????mountmgr?0???-?.?.?.?.?.?????4?4?4???0?0?0?0?0?0?4??? ?????? ??????????????,??????`?????????????????Link-Layer Topology Discovery Responder??????0?0?/?/?/?/???
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d92697 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6073675 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???k????USBSTOR?9}??{8ECC055D-047F-11D1-A537-0000F8753ED1}?wer?????????????????sl????y??P???compositebus.inf:Microsoft.NTx86:CompositeBus_Device:6.1.7600.16385:root\compositebus????????????????????????k???????????????????????????????k???i??os???????????????????????j??????????6.1.7600.16385???????j?j????????????? ??um????2??j???????3???|?~?}???????????3???3???????????????????j?j?????????????????????????????????????j?j?????????k??????s???EraserUtilRebootDrv?????? "??k??????????????disk?????????j???S??R#??????EN???j??LegacyDriver?:???k???t?~?????j?j?j?????? ????e?????sNC???????t??RasPppoe????? ?????????????????????????????????sN????????????????????k?????k?&??????_R???????????????????k????(??j???????e???????j???????e???k??RasSstp??1???k???~?~?&???????j?????????????????????? ???????????cy???????????D??????-0???????????????&???????j???-??25???k???????5???l?l?:???????k???????????????????k??????????????????? ??WUDFRd?A8C??Network??????????????0???????????z??? ???m???5???????????z?z????battery.inf:Microsoft.NTx86:COM
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???k?????k?????k????? ???????k?????k???????1???????????????????????k?&???k??? ???????k???????????j?1?????????????????????????z???k???l?l???????k???k?????????????0?????????????k????? ???????k?????k???????1????????????????????LegacyDriver? ???k??? ???????k???????????j?1????????2????????????g?j?k?k?????????k???????k??????s8???k???k???????}???k?k?2?????k????? ???????k?????k???????1????????????????????? ???????k???????????j?1????????"???????????{8ECC055D-047F-11D1-A537-0000F8753ED1}??? ??Net??????l?k?2?????k????? ???????k?????k???????1?????????????????????????g???????e???????i???????e??? ???????k???????????j?1????????(????????????????????5???????|?}FA???????k???0??e2?????????????k???????k???k?????????k??? ??ED???k???k??????????????? ???????k?????k???????1????????????????????? ???????k???????????j?1?????????????????????k?k?k?k?????k?????k????? ???????k?????k???????1????????????????????? ???????k???????????j?1????????$???????????? ???????k?????????????-???????????????????????k???????j???????k????? ???????k?????k???
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???p?s?????????????????s?????????y??Microsoft????????????i???????????????????????????k???????????k???k?k??????>??k?????g???????????????????s?????h?k?k?k?k???k???????y??{00000000-0000-0000-ffff-ffffffffffff}??? ??@ksfilter.inf,%msft%;Microsoft???????????k???v??s5???????????????????0??? V??k???5??????????.NT?????Standardvolume??????.NTx86?6D5??Microsoft???SW\{cfd669f1-9bc2-11d0-8299-0000f822fe8a}?????????????????????????N??k????????D??????????f???0???e???????y???l?l?l??????????? ???????????????????????????k?k?2???????y??NDIS Proxy???????k?k?k?k?????k??rdbss????????k???k??USBSTOR?V6???????k???0???e???????????????????????????k???????????????????????l??????p???{00000000-0000-0000-0000-000000000000}?}?\???k?kNe???k???????{???k?????????????????????????????s??????:??????3?g?6????Z??n?????????e?????????i??????s????????h???????????}?}?t????8??n????????h??????}?}?z???????z??????????11???z???????????,???????/???????????????????|?}?}???????f???e???e???????k??????????????t????????????}?}???????????????????s?????}?}?z???l?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???k?s???????????????????????????y???k???????????????????????????????3?????s?????????j???v???e???{?{???????????????????????????????????????s?????????????????{?{?k???k?k?z???????????k??????cs???k?l86???k???k?????? ????/???????????????????3?g?3???????????E?????s02????t??????4?g?????????????O???N???????????F???8???????d??????s????????h???9???????????k?????????????n????????\T???????y???????{???g?k?k?k?????k?????????????? ????5?????s0F???????|??????????????????????PrinterBusEnumerator?9????N??m???4???????????????`???-???e??Net??????????{???????????3????????*??k???????????????????????????????k???????????t???t???????????k?l?k???}???}???l?los???k??????????avgntflt????LegacyDriver?p????N??l?????????4??????X??????6???????k???k???????????????g???????e??{4d36e972-e325-11ce-bfc1-08002be10318}???????????????????????k??????????????????????1c???????|???????????4???????????f??????s????????????????????????????l?l?k????N??k????????D?????Volume?8A9??volsnap??????????[??????s????????????????????????????????f??????af???????????k?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???p?p???????h???????????????????????|???????????????????D???????????????v?v?v??LocalSystem?????hpsamd.inf_x86_neutral_f4d0397ad0d9b1cc??????p?p?p?p?p?p?p?????????????g?????????????T??????1????v?v?v??? ???????o???????????p????????$???T???????p???????"??p?????????e????@comres.dll,-947?????????p????????h?????%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}???????"??p?????????n????@comres.dll,-948????? ???p??????????????????????????????????????????????t???????????????t?????????????????????0??p???????????e??RpcSs?EventSystem?SENS????????,??p???????????????????????????????????????p??????????????????SeAssignPrimaryTokenPrivilege?SeAuditPrivilege?SeChangeNotifyPrivilege?SeCreateGlobalPrivilege?SeDebugPrivilege?SeImpersonatePrivilege?SeIncreaseQuotaPrivilege??????p?p?p?p?p?p?p?p?p?p?p??????????????????????????? ???????o???????????p??????????R?U??????k????????????????????????????????????????R??p????????h?????\SystemRoot\system32\DRIVERS\crcdisk.sys??????,??p?????????e????Crcdisk Fil
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???s?q??? ???????o???????????p????????(?4?^?????????system32\DRIVERS\i8042prt.sys?8042prt.sys????????y??? ???g???;?????enu???q??????????*6to4mp??????????q??Tdx?nsi?????????????????????????? ???????????????????????????????????????????????????????q????(??????????????y???q??ServiceMain?????? ???????o?????q????Pq?2??????$?h?_???????????N??p?????????e????@%SystemRoot%\System32\dnsapi.dll,-101???????????p??????p?????h??p????????h?????%SystemRoot%\system32\svchost.exe -k NetworkService???????N??p?????????n????@%SystemRoot%\System32\dnsapi.dll,-102?????????q0????p??? 8??p??????????????NT AUTHORITY\NetworkService????????????????????????????q????TDI?????????????????t??????? ?????????????,? q???????????????????p???????????e??????????????????????? F??q???????????????q????b??p??????????????????SeChangeNotifyPrivilege?SeCreateGlobalPrivilege??????????q???????????q???????????????????????????????????????p?p?p?p?p?p?p?p?p?p?p?p????? ???????p?????p?????p?2??????,?F??? ???????????%SystemRoot%\System32\dnsrslvr.dll?????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind ???k?s??????????????????????LegacyDriver?T???????????????????A??40???????????b??_l??Microsoft???{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????}???????????????????????????????????n?ncg???????????0???????e???e???????s??{8ECC055D-047F-11D1-A537-0000F8753ED1}???????k?k?k?k?????k???????_???????e???????????????8???????????s??e????????????????????????????????????|???????????????????.???????1???????????????????????~??????storage\volume?E4D???k?k?????????????1??TO???????k??? ??st???????????????????????????????????????????????0?????????????????????????????????o?e????????????????????X??l???4???4??????????????????? ?????? ???????????????v??? ???????????????????????k???5??? ??????t-???????h????????????????????????????N??k???&?????D? ??????????????ac???n?n?n???????k???}??A1???k?k?????????????????????k?k?k??P???? ???????k?????k?????k?-??????????-?????????????????? ???????k???????????k?-????????N????????????????}????N??k???????????????????{??????????LegacyDriver?e????N??????d???????????????????k???????????????k?????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route ???t?o??????et??? ???h???4?????72-????X??????y??????????????????? ???????t???????????t????????(??????????????????????????????'???????????'??? ???????t???????????t????????F????? ???????????? ??????????????g????#?????????????????????????c????3700??????????????????????????c????????????????????????????????t???t?????!??<?????????????????????c????????????????????????????c??????(??t??????p??????????????????????????????????????????????????s?????????????'???????'???"??????????????????????????????????<?????????????????????????N??t????????h??????t???!????????????????????????c??????????????????????????????t???t??????????????????<????'???????????????'???"??????????????????????????????? ???????????????????????????????????'???????????????'???!??<?????????????????????c?????5110?,????????????????????????c?????? ???????'??????????????????????????????????<????'???????????????c???t?t?t?t?t?t?t?t?t?t?t?t?t?t?t?t?t?t?t?t?t??? ???????o???????????t??????????P??????????????????????g??????X??????????t????$????????????e?????????z??sys
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ???|?p???????p?????????????g?????k?k?p?p?p????(??p??????p?????b??p?????????n?????????????????????????????????????????????????????W???{????????????????N??????????????????????l??????????FAT12/16/32 File System Driver???????????????????{??????????Net?????? ???????o?????p??????????????$???1?????????%SystemRoot%\System32\svchost.exe -k netsvcs????@%SystemRoot%\system32\qmgr.dll,-1001????????y???o?o?o?o?p?p?o???????????????????????p??????e???extended base???@%SystemRoot%\system32\qmgr.dll,-1000?????8??p????????h????????????????g????????????????????????????????PerfMon_Close????p?p?p???????????????????????????????p???????????????????????????????????????r?r?o???????????????????????s?s?q???????p???????????????????????|?????????????????????????????????g? ?????????????g????????????????????????e????p??? ???????o??????????????????????R?R??????????????????????????????????????????p?p?p??@%SystemRoot%\system32\drivers\fileinfo.sys,-100???????????????g?????p??RpcSs???????@%SystemRoot%\system32\drivers\fileinfo.sys,-101???????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind ???j?t??? Z??i??????????s?????X??i??????????TermDD??????? ???i??????????????E:\?tB??secdrv?0?&?????????????????????????s??????N??k????????D?????Base?$??ROOT\CompositeBus???????System?ind??Base?$???????i??????si???????e????N??i?????????D????NDIS????????????????????????TermDD??????{00000000-0000-0000-0000-000000000000}???????????g???0??????????????????????????D0??{4d36e97d-e325-11ce-bfc1-08002be10318}?on\??? &??i???-?????PRE???????i???e??s0????N??i????????D?????{4d36e966-e325-11ce-bfc1-08002be10318}??????{4d36e966-e325-11ce-bfc1-08002be10318}\0000???????V????????g????DETECTEDInternal\blbdrive?DETECTED\blbdrive???????N??i?????????DLe?????????????????s????????????????????DiskDrive???????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}???????????????_??BB??? b?????????????????? Z??i??????????????????`????5??????0F??network?????DETECTEDInternal\ACPI_HAL?DETECTED\ACPI_HAL??????e?g?j?i?k?k?k??System?exe???i???????????????????????5??????????????????????????MEDIA???? V??i???????????6??SW\{96e080c7-143c-11d1-b40f-00a0c922319
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ???|?|??system32\DRIVERS\disk.sys???????????Root\*6TO4MP\0103???? ???h?????????????????????????????e???????|?????????????????<????8???????????h??????????????????????t???????&?????????????????????????????????|?????????????}??????GR????8??|?????????-??????V??|?????????n????? ??0??????????0????NEC MBR-7 ?NEC MBR-7.4 ?PIONEER CHANGR DRM-1804X?PIONEER CD-ROM DRM-6324X?PIONEER CD-ROM DRM-624X ?TORiSAN CD-ROM CDR_C36??????????????|????R??|???????????d???????????k?k?l?l?t?k?t?t?t??????????????? ???|???????????????????????????h??????????????????????battery.inf_x86_neutral_5752155055c5e2d7?????????????????????????k?p?|??????@%systemroot%\system32\drivers\discache.sys,-101????????????????t???@%SystemRoot%\system32\drivers\http.sys,-2???????????????????????????????????????????????????????????????????????????????????|???k?k?t?t????system32\DRIVERS\CmBatt.sys?\CmBatt.sys?????Laufwerktreiber??????k?k?|?|?????????????i?k?k?o?|?|????Pointer Port????????????????t????????????????????????????|???????j???<???s?????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ???|?????????????}??????GR????8??|?????????-??????V??|?????????n????? ??0??????????0????NEC MBR-7 ?NEC MBR-7.4 ?PIONEER CHANGR DRM-1804X?PIONEER CD-ROM DRM-6324X?PIONEER CD-ROM DRM-624X ?TORiSAN CD-ROM CDR_C36??????????????|????R??|???????????d???????????k?k?l?l?t?k?t?t?t??????????????? ???|???????????????????????????h??????????????????????battery.inf_x86_neutral_5752155055c5e2d7?????????????????????????k?p?|??????@%systemroot%\system32\drivers\discache.sys,-101????????????????t???@%SystemRoot%\system32\drivers\http.sys,-2???????????????????????????????????????????????????????????????????????????????????|???k?k?t?t????system32\DRIVERS\CmBatt.sys?\CmBatt.sys?????Laufwerktreiber??????k?k?|?|?????????????i?k?k?o?|?|????Pointer Port????????????????t????????????????????????????|???????j???<???s???????????????????|???????????????????????|????$??~?????????????????????????????????????????????????????n?????l?i?|?|?|???????????????????????????????????????|???p??ei??????????????t??????????????g???????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???t?????????z???z??255.0.0.0????????????????t???????m??????????????????????????????????????????????????0.0.0.0??????????????c???f???????????????????????}?}?}?}?}??RpcSs???????????????*6to4mp??{???????????z???z???z??????????0?X?????????????????? ???????t?????????????????????????? ?????????????N??t?????????e??????h??t????????h??????t??????????????? ???????o?????t?????t????????$?h???????????@%SystemRoot%\system32\qagentrt.dll,-6??????%SystemRoot%\System32\svchost.exe -k NetworkService???????N??t?????????n????@%SystemRoot%\system32\qagentrt.dll,-7??????? 8??t??????????????NT AUTHORITY\NetworkService??????t?t?t?t?t??????????????????????????????????t????t?t???????t???????? ????????????????t???????????e????,??t????????????????????????????????????`??t??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege???????t?t?t?t?t?t?t?t?t?t?t??????????????????????????? ???????t?????t???????????????????????????g????? ???????t?????t???????0????????????????????? ???????t?????????????0??????????????????s?????? ???????t?
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???u????%SystemRoot%\System32\rasmans.dll???????????????????????????????????????????????????????????.NTx86??????6-21-2006???? ???????u?????u?????u?????????????? ????????????????????????e??? ???????u???????????u????????????????????????????????????5?????? ???????o???????????u??????????R???????????????????????t????????????????????u?u?u????????????????????????P??u????????h?????\SystemRoot\system32\DRIVERS\nv_agp.sys??????u?u?u???u????:??u?????????e????NVIDIA nForce AGP Bus Filter?????????u??????p???PnP Filter???????u?u?u?u?u?u?u????R??u???????????d??machine.inf_x86_neutral_65848c2d7375a720????? ???????o???????????u??????????Z????????????????????????????????????i??_x???????????3??????f2????T??u????????h?????\SystemRoot\system32\DRIVERS\ohci1394.sys?????Z??u?????????e????1394 OHCI Compliant Host Controller (Legacy)??????L??u???????????d??1394.inf_x86_neutral_3fdff0af299d9ddf????u?u?u?u?u?u????? ???????o?????u?? ??u????????$???????????????R??u?????????e????@%SystemRoot%\system32\pnrpsvc.dll,-8004???????????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ???j?:??? ?????????????????????u????.NT?3.??????????@%systemroot%\system32\wkssvc.dll,-1000?????????????????t????e??????t?????X??????????t??text?????????????|??int?-3??Microsoft???? ???????u?????k?????u?????????????? ????????????????????????e??? ???????o?????u????????????????P????????????? ??h???????????e???????y???y???????????????????????e????????????<??~??????????????????????t??????????????u????%SystemRoot%\System32\rasmans.dll???????????????????????????????????????????????????????????.NTx86??????6-21-2006???? ???????u?????u?????u?????????????? ????????????????????????e??? ???????u???????????u????????????????????????????????????5?????? ???????o???????????u??????????R???????????????????????t????????????????????u?u?u????????????????????????P??u????????h?????\SystemRoot\system32\DRIVERS\nv_agp.sys??????u?u?u???u????:??u?????????e????NVIDIA nForce AGP Bus Filter?????????u??????p???PnP Filter???????u?u?u?u?u?u?u????R??u???????????d??machine.inf_x86_neutral_65848c2d7375a720????? ???????o???????????u??????????Z??
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???o?u???????p???o??Net??????????o???,???????&???????????????????????????????&??????????????????????????????????????????t????&???????????????????????????A???&??????????????????????????????????????????t????&???????f???????????????????A???&???????.???????????????????????????????????z???&???????????????????????????????????z???p?????p?z???&???p????????????????????????????`??q????????????$??p??????????????*6to4mp??????&???o?????????????????????????????????????????????????????????????????#????????????????????@FirewallAPI.dll,-23501??????????????????????????&???p???????????????????????????&??????????????????????????????tunnel????????L??p?????????n????.NTx86?FF-???|???|???&??????????????????????????????????????? ???m???????????????????t??Auto?????&???????????????????????????????????????????????????????o???p????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23505???????@FirewallAPI.dll,-23506????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route ???p?|???????z???????y???????????????t???????????p???&???????????????????????????????&??????????????????????????????RPCSS??-?-???p???????????????&???????????????????????????????????p???&?? ????????????????????????????????????????e???????????????????????&???????????????????????????????&????????????????????????????????N??p???????????d???&???????????????????????????????????p??RPCSS??-?-????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23505???????@FirewallAPI.dll,-23506??????????????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P????????????????????????????????????????????????|????????????X??????????t???? ??p???????t????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????@FirewallAPI.dll,-23505???????@FirewallAPI.dll,-23506????????????????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???t????????????? ?????????????t??????????V?????????&????????????????????5??? ???????t??????????????????????????????????? ???????t???????????????????????????????????????t??? ???????t???????????t????????<????? ??????????????????????????e?????????????????????????e??????????????????????????????? ???????o???????????s??????????b???????????Root\*6TO4MP\0092???11?psh????????????????????????6??t????????h?????system32\drivers\MSTEE.sys????????^??t?????????e????Microsoft Streaming Tee/Sink-to-Sink Converter???????t?t?t?t?t?t?t??????????????p???Net?e????????????????????%??\SystemRoot\system32\DRIVERS\msdsm.sys?-Pa?????*????????????????????? ???????o???????????t??????????L???????????? ???????t??????????????????????????+??????????????????????0DB?????t???t???t??ende??? ???????????????????t?,????????????&???????????????????????? ???p??????????????0.0.0.0?DC???????????????t??????et??? ???g??????????????????????????????s???????????0.0.0.0?????????????? ???????o???????????s??????????\???????????????????????????????????????t??
---- EOF - GMER 1.0.15 ----
kannst du mir erklären wie des mit dem osam funktioniert? ich habs aufm desktop gespeichert aber des lässt sich nicht öffnen. da kommt manuell oder im internet nach programmen zum öffnen suchen. was heißt denn entpacken? danke :-) |
|
03.05.2011, 13:07
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus- laut Antivir Kazi Zum Entpacken musst du WinRAR oder 7Zip verwenden! => 7zip Download: mit 7-Zip Dateien packen und entpacken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 19:44
| #13 |
| | Virus- laut Antivir Kazi ich hab jetzt winzip und hab jetzt auch diese osam.exe aber wenn ich sie starten will, dann kommt: Das Programm kann nicht gestartet werden, da osam_gui.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben. ich habs auch noch mal gelöscht und wieder installiert aber da kam dann des gleiche wieder. |
|
04.05.2011, 10:53
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus- laut Antivir KaziZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.05.2011, 18:13
| #15 | |
| | Virus- laut Antivir Kazi ok, tut mir leid, des mit dem winzip, des hat mein gehirn irgendwie durcheinander geschmissen. ich habs jetzt geschafft :-) Osam: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:08:21 on 04.05.2011 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AsUpIO" (AsUpIO) - ? - C:\windows\System32\drivers\AsUpIO.sys (File found, but it contains no detailed information) "avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Julia\AppData\Local\Temp\catchme.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ASUS Screen Saver Protector" - "ASUS" - C:\Windows\AsScrPro.exe "ASUS WebStorage" - ? - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder "ASUSPRP" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\APRP\APRP.EXE "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Eee Docking Touch" - ? - C:\Program Files\ASUS\Eee Docking Touch\Eee Docking Touch.exe autorun "LivCam" - "ASUSTek" - "C:\Program Files\ASUS\LivCam\LivCam.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PenWrite" - ? - C:\Program Files\ASUS\PenWrite\PenWrite.exe AutoRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TouchHomeKey" - ? - C:\Program Files\asus\TouchHomeKey\TouchHomeKey.exe "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Asus process privilege adjust service" (AsusUacSvc) - ? - C:\Program Files\asus\2DoorWayTouchSuite\AsusUacSvc.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe "HerculesWiFi" (HerculesWiFi) - "Guillemot Corporation" - C:\windows\system32\HerculesWiFiService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "WTGService" (WTGService) - ? - C:\Program Files\XSManager\WTGService.exe (File found, but it contains no detailed information) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE] und des MBRCheck ist: Zitat:
|
|
| Themen zu Virus- laut Antivir Kazi |
| 32 bit, adobe, antivir, avg, avgntflt.sys, avira, bho, calculator, defender, desktop, disabletaskmgr, error, excel, extras.txt, flash player, format, home, host.exe, iexplore.exe, install.exe, installation, location, logfile, microsoft office word, nicht gefunden, office 2007, oldtimer, otl.txt, plug-in, programm, realtek, registry, rundll, safer networking, saver, scan, sched.exe, security, security update, server, shell32.dll, software, start menu, super, usb, webcheck, windows |
Linear-Darstellung
