Log analysis and evaluation: Caught the HDD trojan, what now? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: see "First steps for help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Caught the HDD trojan, what now?

Hello Trojaner team, I have just caught this HDD trojan. On the desktop I got the message: System message - write fault error!!!!! What should I do? I have meanwhile browsed around a bit and read that a scan should be run with Malwarebytes. That is running right now. I would be very grateful for further instructions!!!! I am writing my thesis on this computer right now!!!!!

OTL.txt (OTL logfile):
```text
OTL logfile created on: 15.05.2012 14:41:38 - Run 4
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\passy\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 64,09% Memory free
3,75 Gb Paging File | 3,00 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 11,53 Gb Free Space | 23,65% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 54,69 Gb Free Space | 54,57% Space Free | Partition Type: NTFS

Computer Name: PASSYS-PC | User Name: passy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\passy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\XBFasGNlMWwat.exe ( )
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\AstSrv.exe (Nalpeiron Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (astcc) -- C:\Windows\System32\AstSrv.exe (Nalpeiron Ltd.)

========== Driver Services (SafeList) ==========

DRV - (UsbserFilt) -- system32\DRIVERS\usbser_lowerfltj.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (nmwcdc) -- system32\drivers\ccdcmbo.sys File not found
DRV - (nmwcd) -- system32\drivers\ccdcmb.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB CA 88 7D B3 D2 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.04.21 20:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.14 16:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.10 21:48:56 | 000,000,000 | ---D | M]

[2010.04.03 21:15:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\passy\AppData\Roaming\mozilla\Extensions
[2012.05.03 10:42:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\passy\AppData\Roaming\mozilla\Firefox\Profiles\7sjptd3k.default\extensions
[2012.03.28 19:32:16 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\passy\AppData\Roaming\mozilla\Firefox\Profiles\7sjptd3k.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.24 22:20:13 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\passy\AppData\Roaming\mozilla\Firefox\Profiles\7sjptd3k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.09 12:58:34 | 000,000,950 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin-1.xml
[2011.11.10 18:32:22 | 000,000,950 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin-2.xml
[2011.09.04 17:20:11 | 000,000,950 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin-3.xml
[2011.07.19 12:58:04 | 000,000,950 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin-4.xml
[2011.09.06 19:18:50 | 000,000,950 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin-5.xml
[2011.09.13 17:29:57 | 000,000,950 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin-6.xml
[2011.10.05 16:39:23 | 000,000,950 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin-7.xml
[2011.03.30 15:14:34 | 000,001,042 | -H-- | M] () -- C:\Users\passy\AppData\Roaming\Mozilla\Firefox\Profiles\7sjptd3k.default\searchplugins\icqplugin.xml
[2012.01.15 21:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.14 16:49:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.06 15:46:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.06 15:46:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.06 15:46:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.06 15:46:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.06 15:46:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.06 15:46:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [XBFasGNlMWwat.exe] C:\ProgramData\XBFasGNlMWwat.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\passy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\passy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\passy\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\passy\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D9FBEB-C4D9-4A94-B220-0F8EA22528A7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24707A2-7587-44F6-9572-C9E94A03AFF1}: NameServer = 192.168.168.209
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0683c8c0-94d0-11df-ad42-001a6bf0d96f}\Shell - "" = AutoRun
O33 - MountPoints2\{0683c8c0-94d0-11df-ad42-001a6bf0d96f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0683c8c7-94d0-11df-ad42-001a6bf0d96f}\Shell - "" = AutoRun
O33 - MountPoints2\{0683c8c7-94d0-11df-ad42-001a6bf0d96f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac1ad4dd-95dc-11df-a3a6-001a6bf0d96f}\Shell - "" = AutoRun
O33 - MountPoints2\{ac1ad4dd-95dc-11df-a3a6-001a6bf0d96f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac1ad4e3-95dc-11df-a3a6-001a6bf0d96f}\Shell - "" = AutoRun
O33 - MountPoints2\{ac1ad4e3-95dc-11df-a3a6-001a6bf0d96f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb786028-a223-11df-b03e-001a6bf0d96f}\Shell - "" = AutoRun
O33 - MountPoints2\{bb786028-a223-11df-b03e-001a6bf0d96f}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{c9e5fb6d-28de-11e1-bebc-b9951b2ba1d3}\Shell - "" = AutoRun
O33 - MountPoints2\{c9e5fb6d-28de-11e1-bebc-b9951b2ba1d3}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{f383c730-1e6d-11e1-8df2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f383c730-1e6d-11e1-8df2-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\explorer.exe -- [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.15 12:33:47 | 000,595,456 | -H-- | C] (OldTimer Tools) -- C:\Users\passy\Desktop\OTL.exe
[2012.05.15 11:52:57 | 000,000,000 | -H-D | C] -- C:\Users\passy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.05.14 16:49:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Mozilla
[2012.05.14 16:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.10 21:47:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.09 13:08:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 13:08:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 13:08:39 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.09 13:08:26 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.01 01:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iGrafx
[2012.05.01 01:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Vivid Creations Ltd
[2012.05.01 01:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoSoft
[2012.04.28 14:02:43 | 000,000,000 | -H-D | C] -- C:\Users\passy\AppData\Roaming\iGrafx
[2012.04.28 13:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iGrafx
[2012.04.28 13:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\iGrafx
[2010.06.24 18:19:05 | 096,768,824 | -H-- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.15 14:39:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.15 14:38:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.15 14:38:10 | 1509,400,576 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.15 14:24:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.15 12:42:03 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.15 12:42:03 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.15 12:42:03 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.15 12:42:03 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.15 12:27:34 | 000,015,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 12:27:34 | 000,015,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 12:14:18 | 000,595,456 | -H-- | M] (OldTimer Tools) -- C:\Users\passy\Desktop\OTL.exe
[2012.05.15 11:57:02 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 11:52:59 | 000,000,662 | -H-- | M] () -- C:\Users\passy\Desktop\Data_Recovery.lnk
[2012.05.15 11:52:28 | 000,000,256 | -H-- | M] () -- C:\ProgramData\b9evj3yUSp7Tfl
[2012.05.15 11:28:12 | 000,383,488 | -H-- | M] ( ) -- C:\ProgramData\XBFasGNlMWwat.exe
[2012.05.10 22:03:30 | 000,000,432 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2012.05.10 21:33:53 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.04 16:03:24 | 000,007,680 | -H-- | M] () -- C:\Users\passy\netcache.dat
[2012.05.01 14:55:56 | 000,111,616 | -H-- | M] () -- C:\Users\passy\Desktop\Neu2.igx
[2012.05.01 14:11:27 | 000,002,560 | -H-- | M] () -- C:\Users\passy\cdcache.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.15 11:57:02 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 11:52:59 | 000,000,662 | -H-- | C] () -- C:\Users\passy\Desktop\Data_Recovery.lnk
[2012.05.15 11:52:26 | 000,000,256 | -H-- | C] () -- C:\ProgramData\b9evj3yUSp7Tfl
[2012.05.15 11:30:40 | 000,383,488 | -H-- | C] ( ) -- C:\ProgramData\XBFasGNlMWwat.exe
[2012.05.01 13:04:27 | 000,002,560 | -H-- | C] () -- C:\Users\passy\cdcache.dat
[2012.05.01 12:32:50 | 000,111,616 | -H-- | C] () -- C:\Users\passy\Desktop\Neu2.igx
[2012.04.28 13:41:06 | 000,007,680 | -H-- | C] () -- C:\Users\passy\netcache.dat
[2012.01.13 13:00:25 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{3A3DE6CF-08D5-486A-9758-41C7B38855FB}
[2011.11.14 18:13:39 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{E77D6BF4-D842-4FFF-9EB9-0A89AA1FA4B4}
[2011.11.01 22:56:35 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{FB5BDB91-2CC9-4DF8-8487-8A915B129BB4}
[2011.10.23 11:28:20 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{F01F44C5-F596-40E7-A055-F9CE68BC6F27}
[2011.08.23 20:52:57 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{3171C498-D7CE-49B9-A26A-4FAFBBB9341E}
[2011.08.15 16:41:03 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{777F6070-9191-4E66-9325-14282F71C48C}
[2011.08.09 00:08:11 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{5C2BFD57-4F27-4BFC-9B79-B7B2D3FAC41F}
[2011.07.24 14:51:42 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{D6EF1EEB-5179-4AFF-8DC0-D68E3A4B6E64}
[2011.07.11 18:32:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.09 18:11:08 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{AD72B519-6679-443A-9B1A-C7DBCBD49535}
[2011.06.02 03:48:02 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{B872549B-11AC-47D6-A05C-D3A61F08F214}
[2011.05.27 11:22:34 | 000,000,000 | -H-- | C] () -- C:\Users\passy\AppData\Local\{C8B98732-46F8-400A-BC3B-4393C9245A82}
[2011.02.05 11:39:28 | 168,166,968 | -H-- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2010.10.30 13:47:39 | 000,000,458 | ---- | C] () -- C:\Windows\{682E39A0-0576-4422-8328-3B7E56346653}_WiseFW.ini
[2010.05.25 23:09:59 | 000,000,286 | ---- | C] () -- C:\Windows\{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}_WiseFW.ini

< End of report >
```

EXTRAS.txt (OTL Extras logfile):
```text
OTL Extras logfile created on: 15.05.2012 14:41:38 - Run 4
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\passy\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 64,09% Memory free
3,75 Gb Paging File | 3,00 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 11,53 Gb Free Space | 23,65% Space Free | Partition Type: NTFS
Drive D: | 100,22 Gb Total Space | 54,69 Gb Free Space | 54,57% Space Free | Partition Type: NTFS

Computer Name: PASSYS-PC | User Name: passy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB900E2-CEBF-446B-A8AE-A0B8202D4226}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18187416-0C01-4346-A37C-DE661A3D35A5}" = lport=139 | protocol=6 | dir=in | app=system |
"{1A697B8A-44E4-4352-97AD-B096B60F91F2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1CA940DC-79DB-478F-9ED0-30FD9719D126}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2F8FCF34-D4FA-4B9F-8C25-B1ACD0EAF714}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F7D7602-4A54-4F32-97CE-BE1ED9586513}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{463828DE-C8A1-4A5A-AB24-6805BC1A8BDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DDEA057-50F0-4156-96E6-D6F95183CAEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EEE8537-4EE8-4874-A6B0-9F28952F3294}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{548A4FF6-341B-4490-8A63-7601C55DB221}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54A9053F-9BA0-489C-ABF0-8DFAE0D11FC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F75ED19-6AF9-40B4-9914-0933350D5164}" = lport=137 | protocol=17 | dir=in | app=system |
"{6CAF6ECE-1E26-464B-ABF8-CBE0F74EA07B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A9ADC34-A1B6-4B2B-B8A6-5FDD7D4299C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8026A4F1-1686-4C77-BFAD-D0319E983A7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81F1D3F2-4385-4A0F-9DB8-E63391A86F24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F0BFFDD-4F2C-471F-A3EC-6420A4786F4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9629DE56-9E83-441B-8788-BBC1A830F326}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F98DCBA-1F40-48D5-98D9-8AEFA7D284B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1611240-0637-4C83-AFBE-1BA5ECDA84C1}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA9404AC-1A12-4FFE-BF1D-9254E531D3BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AF90C9BD-520E-4F4E-AB0E-4DEA3E5F46F5}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4851EA7-6563-46FB-ABDF-8A6D915623B3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CCF7F033-0749-43B3-B64D-E10667AF5122}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D779FFB4-06AD-4DEE-B3C6-6DE405C40D9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE7E10D2-C505-4D56-BE6F-120E166A8792}" = rport=139 | protocol=6 | dir=out | app=system |
"{E26E4E9F-D88C-430B-B2A9-443D1256C034}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDE3EB47-B922-4178-A95A-9435CF3FE25A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE6675B8-FE59-497B-B28C-8D0DE5141D61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F048EAB6-51C2-40D3-AE66-6685B339E303}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F8301B72-6210-4554-9424-DB5E3E4C145D}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE7697E7-9264-4F55-9BCE-4703FF92B141}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0184110A-9892-4177-822B-595C3C5B7CBA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{10FBBC98-02EA-46B7-9416-4B6937A1ECAC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E761794-FD90-46BB-9CC8-EE18BD31102D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44EE5B9B-D24E-4640-8AA7-C0B7EC6C7270}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49B559D5-9E08-4AF8-8FDB-118B7E8887A8}" = protocol=6 | dir=in | app=c:\program files\ti education\ti-nspire cas\jre\bin\java.exe |
"{4AB38092-9156-4703-9E53-8811DE16C815}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4CD2677B-B70B-4F05-870E-7ADCB1DECA9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51DFF025-B199-4CDE-A1E8-7AAC08C4A3F8}" = protocol=17 | dir=in | app=c:\program files\common files\ti shared\commlib\1\jre\bin\java.exe |
"{55BA4190-C7AB-461F-8084-C88FF917652B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E1DF918-6766-45D1-9F32-8B9218B94DAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F223CDB-20B9-427F-9320-E68772BA43F2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{604F646D-9BA9-410D-8F49-3E9C8E18EDC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66930930-6C70-462D-9D5C-65CA71CB3F8D}" = protocol=17 | dir=in | app=c:\program files\ti education\ti-nspire cas\ti-nspirecas.exe |
"{67092AF0-8902-43F4-BE16-CC49986051AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7697A833-8B57-42D5-9B1F-1D657E2BB9C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7EAE3664-8E32-4CB4-94A0-A4872249750D}" = protocol=6 | dir=in | app=c:\program files\ti education\ti-nspire cas\ti-nspirecas.exe |
"{873D9856-43DE-484A-B9E9-5A918D16ABE3}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{882E574D-3C91-4DAD-A38E-B9A7158A56B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A47F37D-C660-46A3-82CE-206879A08094}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8FFA5CB6-9D34-4E9F-9C97-0F0FFCB96859}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{992B34BB-062B-4D37-94B3-58C6E0F44B9C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9CACBBA5-35BF-4E64-871F-0D3E77ECFB73}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9D422FE7-4516-46F0-AC58-5083595FBA5F}" = protocol=17 | dir=in | app=c:\program files\ti education\ti-nspire cas\jre\bin\java.exe |
"{9E3ACF10-BDB4-4B17-A675-4BBBD81732B7}" = protocol=6 |
```
dir=out | app=system | "{A01D9039-30A9-4C6C-BEC2-4BA9B427272C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD49B8F6-C879-4679-B9A3-2BA402E8C614}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B1FAD0ED-2335-4353-BD95-B97332C50776}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B45273D4-61D4-435C-9086-EE2791A7B296}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BA426923-A45E-49C3-9927-A67EEEB1683F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{BE38FE2A-F7C8-48AA-96B7-9123FEBAFDD5}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{C41D3A10-210F-49B4-AEC9-0979DCF509B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D2C6A42F-AEB9-403A-A65C-E967DB03ACDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DA180388-BB84-40E2-A1E3-57FA2280DF1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DA61246A-ACE6-4D07-8C2F-B503AA977E14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F212EF9A-4FE6-4D41-B58B-F2384837BE1A}" = protocol=6 | dir=in | app=c:\program files\common files\ti shared\commlib\1\jre\bin\java.exe | "{FFBB8E3C-50C4-4F49-8596-E18805D709A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{3C8D4BE2-51FC-4864-9410-E289C7EDD73D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{46AD7243-211A-47F3-9204-CE7C4A6A9E79}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "TCP Query User{74CEB425-EF2F-4567-BE38-35915D128513}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query 
User{8CCAF04C-F6C7-4343-AB04-90E3639E9284}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query User{A02D99D2-9B86-46F8-B31A-F2547764ABE8}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query User{D9695EC5-6B51-49B9-ABF1-174840EF54B6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3622785C-D618-458C-A793-4FCBADBA6114}" = TI-Nspire™ CAS Computer Software Lehrerausgabe "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 "{682E39A0-0576-4422-8328-3B7E56346653}" = TI-Nspire(TM) CAS Student Software "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}" = Connectivity Library and TI-Nspire™ handheld drivers "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B4009EBB-0818-454F-A6E8-BBAAAEEF89E6}" = TI-Diagnostics Tool "{B433B7D6-0A97-4ED4-BE64-863A0B3A0776}_is1" = YouFreeTV Version 0.02 "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C3968E34-F620-4707-9965-15E1E7151031}" = iGrafx FlowCharter 2000 Professional "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime 
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Broadcom 802.11 Application" = Broadcom Wireless Utility "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Studio_is1" = Free Studio version 4.8 "Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815 "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.5 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815 "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mobile Partner" = Mobile Partner "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 11.64.1403" = Opera 11.64 "PartyPoker" = PartyPoker "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "YTdetect" = Yahoo! 
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GeoGebra 4" = GeoGebra 4 "Skat-Online V8" = Skat-Online V8 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |