Log analysis and evaluation: Internet Explorer and co. constantly open pages (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Internet Explorer and co. constantly open pages

Good evening,

first of all, I know this problem has already come up a few times, but I don't want to meddle in those solutions, so I'm opening a new thread. :-) Luckily I'm not the only one with this problem, so I was already able to read up on it a little. Oh, and I'm not really a PC expert, so please be patient with me. :-)

Now to the problem: For some time now, additional Internet pages have kept opening on my machine. However, they come from a browser that I don't know. There is no browser name shown either, just a few colourful characters. Until now this didn't bother me much, because it only happened when I had my browser (Firefox) open anyway and was surfing around. Since today, however, IE does it too, in a very persistent way, and even when I have absolutely nothing open. It is especially annoying in games, because the games keep getting interrupted. :-(

I ran my antivirus program (Antivir), but it didn't really find anything. Then I ran QuickStore and deleted everything there, as described in an older post here. That only helped insofar as the intervals between the pop-ups increased by a few minutes.

At the moment I'm running eScan and it has already found a few things, but I don't know whether they really are something. I'll post what has been found so far right here. I then have to pause the scan, since I only have a laptop and it gets hot quickly as it is. I won't switch it off, though, just put it on standby tonight. Tomorrow I'll let the scan continue. Maybe someone can already do something with what has been found. Thanks a lot in advance!!!!!

02 Jun 2010 21:42:20 - ********************************************************** 02 Jun 2010 21:42:20 - eScan Anti Virus & Spyware Toolkit Utility. 
02 Jun 2010 21:42:20 - Copyright © MicroWorld Technologies 02 Jun 2010 21:42:20 - ********************************************************** 02 Jun 2010 21:42:20 - Source: C:\Users\bianca\Desktop\Downloads\mwav.exe 02 Jun 2010 21:42:20 - Version 12.0.26 (C:\USERS\BIANCA\APPDATA\LOCAL\TEMP\MEXETMP.EX~) 02 Jun 2010 21:42:20 - Log File: C:\Users\bianca\AppData\Local\Temp\MWAV.LOG 02 Jun 2010 21:42:20 - MWAV Registered: TRUE 02 Jun 2010 21:42:20 - User Account: bianca (Administrator Mode) 02 Jun 2010 21:42:20 - OS Type: Windows Workstation 02 Jun 2010 21:42:20 - OS: Windows Vista [OS Install Date: 24 Dec 2007 21:25:27] 02 Jun 2010 21:42:20 - Ver: Personal Service Pack 2 (Build 6002) 02 Jun 2010 21:42:20 - System Up Time: 59 Minutes, 37 Seconds 02 Jun 2010 21:42:20 - Windows Root Folder: C:\Windows 02 Jun 2010 21:42:20 - Windows Sys32 Folder: C:\Windows\system32 02 Jun 2010 21:42:20 - DHCP NameServer: 192.168.2.1 02 Jun 2010 21:42:20 - Interface0 DHCPNameServer: 192.168.2.1 02 Jun 2010 21:42:20 - Local Fixed Drives: c:\,e:\ 02 Jun 2010 21:42:20 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 02 Jun 2010 21:42:20 - [CREATED ZIP FILE: C:\Users\bianca\AppData\Local\Temp\pinfect.zip] 02 Jun 2010 21:42:20 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ****** 02 Jun 2010 21:42:36 - C:\Windows\system32\CE6AF3E6A1.sys (8), 29-Dec-2007 [HSR] [Added C:\Windows\system32\CE6AF3E6A1.sys to ZIP FILE] 02 Jun 2010 21:42:43 - C:\Windows\system32\D3DCompiler_42.dll (1974616), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:42:44 - C:\Windows\system32\d3dcsx_42.dll (5501792), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:42:44 - C:\Windows\system32\d3dx11_42.dll (235344), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:42:50 - C:\Windows\system32\deployJava1.dll (411368), 02-Jun-2010, Sun Microsystems, Inc., Java(TM) 
Platform SE 6 U20 02 Jun 2010 21:44:19 - C:\Windows\system32\tzres.dll (2048), 26-May-2010, Microsoft Corporation, Betriebssystem Microsoft® Windows® 02 Jun 2010 21:44:34 - C:\Windows\system32\X3DAudio1_5.dll (23376), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\xactengine3_2.dll (238088), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\xactengine3_3.dll (235856), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\xactengine3_5.dll (238936), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAPOFX1_1.dll (68616), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAPOFX1_2.dll (70992), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAPOFX1_3.dll (69464), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAudio2_2.dll (509448), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAudio2_3.dll (514384), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAudio2_5.dll (515416), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\BACKUP.65854536.mexe.com (2353736), 02-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\bdc.exe (91904), 02-Jun-2010, MicroWorld Tech, eScan 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\bdfltlib2k.dll (231944), 02-Jun-2010, MicroWorld Technologies Inc., eScan for Windows 02 Jun 2010 21:44:48 - 
C:\Users\bianca\AppData\Local\Temp\clean.bat (11), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\clean.bat to ZIP FILE] 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\download.exe (934920), 02-Jun-2010, MicroWorld Technologies Inc., eScan 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\encdec.dll (120328), 02-Jun-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\erootdrv.sys (13832), 02-Jun-2010, MicroWorld Technologies Inc., eScan/MWAV 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\mexe.com (2476616), 02-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\msvclnt.dll (236040), 02-Jun-2010, MicroWorld Technologies Inc., MailScan 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\MWAVSCAN.COM (2353736), 02-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\plugins.htm (3498), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\plugins.htm to ZIP FILE] 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\red32.dll (10248), 02-Jun-2010, Microsoft Corporation, Microsoft® Windows® Operating System 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\reload.exe (154632), 02-Jun-2010, MicroWorld Technologies Inc., eScan for Windows 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\setpriv.exe (64008), 02-Jun-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\sshnas21.dll (241152), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\sshnas21.dll to ZIP FILE] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\unregx.exe (61960), 02-Jun-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\UPDLL10.DLL 
(845320), 25-May-2010, MicroWorld Technologies Inc., eScan/MailScan/MWAV 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\viewtcp.exe (573960), 02-Jun-2010, MicroWorld Technologies Inc., ViewTCP 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\Xg1.exe (181248), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\Xg1.exe to ZIP FILE] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\Xg6.exe (200704), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\Xg6.exe to ZIP FILE] 02 Jun 2010 21:44:49 - C:\Windows\Fonts, 02-Nov-2006 [SR] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\ftpcache, 19-Apr-2008 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\logo_1.exe, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Windows\Media, 02-Nov-2006 [SR] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\msdownld.tmp, 16-Apr-2007 [H] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\RUNDL132.EXE, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Windows\VDLL.DLL, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Windows\system32\Microsoft, 02-Nov-2006 [S] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\system32\runouce.exe, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Boot, 13-Apr-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Config.Msi, 02-Jun-2010 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Documents and Settings, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Dokumente und Einstellungen, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData, 02-Nov-2006 [H] [Folder] 02 Jun 2010 21:44:49 - C:\Programme, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\AVCBack, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\div4162.tmp, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\FtpTemp, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\FtpTempF, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\IM, 02-Jun-2010 [Folder] 02 Jun 2010 
21:44:49 - C:\Users\bianca\AppData\Local\Temp\Log, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\plugins, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\tmp00007fd8, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\Avira, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\Microsoft, 24-Dec-2007 [S] [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\QuickStoresToolbar, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\SecuROM, 11-Jan-2008 [HR] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Anwendungsdaten, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Application Data, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\CanonBJ, 21-Jul-2008 [H] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Desktop, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\DivX, 30-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Documents, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Dokumente, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\FarmFrenzy3_Russia, 28-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Favoriten, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Microsoft, 02-Nov-2006 [S] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\MicroWorld, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Start Menu, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Startmenü, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Templates, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Vorlagen, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Boot, 13-Apr-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Config.Msi, 02-Jun-2010 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Documents and Settings, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - 
C:\ProgramData\..\Dokumente und Einstellungen, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\ProgramData, 02-Nov-2006 [H] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Programme, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Alawar Entertainment, 28-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\ClearProg, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Creative Installation Information, 21-Feb-2008 [H] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Games, 31-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Gemeinsame Dateien, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Ubisoft, 01-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Xfire, 09-Jan-2008 [S] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Common Files\MicroWorld, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - ********************************************************************************************* 02 Jun 2010 21:44:49 - Command Line Options Given: /xsign 02 Jun 2010 21:44:58 - Latest Date of files inside MWAV: Wed Jun 2 21:52:41 2010. 02 Jun 2010 21:44:58 - Plugins FileCount: 681 Sign Version: 7.31986 02 Jun 2010 21:44:59 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\bianca\AppData\Local\Temp\ESCANDB.LOG] 02 Jun 2010 21:45:00 - Loaded/Created FileScan Database... 02 Jun 2010 21:45:00 - Loading AV Library [DB]... 02 Jun 2010 21:45:06 - AV Library Loaded [DB-DIRECT]. 02 Jun 2010 21:45:06 - MWAV doing self scanning... 02 Jun 2010 21:45:07 - MWAV files are clean. 02 Jun 2010 21:45:12 - Virus Database Date: 02 Jun 2010 02 Jun 2010 21:45:12 - Virus Database Count: 6121217 02 Jun 2010 21:45:35 - ********************************************************** 02 Jun 2010 21:45:35 - eScan Anti Virus & Spyware Toolkit Utility. 
02 Jun 2010 21:45:35 - Copyright © MicroWorld Technologies 02 Jun 2010 21:45:35 - 02 Jun 2010 21:45:35 - Support: support@escanav.com 02 Jun 2010 21:45:35 - Web: hxxp://www.escanav.com 02 Jun 2010 21:45:35 - ********************************************************** 02 Jun 2010 21:45:35 - Version 12.0.26[DB] (C:\USERS\BIANCA\APPDATA\LOCAL\TEMP\MEXETMP.EX~) 02 Jun 2010 21:45:35 - Log File: C:\Users\bianca\AppData\Local\Temp\MWAV.LOG 02 Jun 2010 21:45:35 - User Account: bianca (Administrator Mode) 02 Jun 2010 21:45:35 - Windows Root Folder: C:\Windows 02 Jun 2010 21:45:35 - Windows Sys32 Folder: C:\Windows\system32 02 Jun 2010 21:45:35 - OS: Windows Vista [OS Install Date: 24 Dec 2007 21:25:27] 02 Jun 2010 21:45:35 - Ver: Personal Service Pack 2 (Build 6002) 02 Jun 2010 21:45:35 - Latest Date of files inside MWAV: Wed Jun 2 21:52:41 2010. 02 Jun 2010 21:45:35 - Plugins FileCount: 681 Sign Version: 7.31986 02 Jun 2010 21:45:43 - Options Selected by User: 02 Jun 2010 21:45:43 - Memory Check: Enabled 02 Jun 2010 21:45:43 - Registry Check: Enabled 02 Jun 2010 21:45:43 - StartUp Folder Check: Disabled 02 Jun 2010 21:45:43 - System Folder Check: Disabled 02 Jun 2010 21:45:43 - Services Check: Enabled 02 Jun 2010 21:45:43 - Scan Spyware: Disabled 02 Jun 2010 21:45:43 - Drive Check: Disabled 02 Jun 2010 21:45:43 - All Drive Check :Enabled 02 Jun 2010 21:45:43 - Folder Check: Disabled 02 Jun 2010 21:45:43 - SCAN: All_Files 02 Jun 2010 21:45:43 - MWAV Mode: Only Scan files (Do Not Clean) 02 Jun 2010 21:45:45 - ***** Scanning Memory Files ***** 02 Jun 2010 21:46:40 - Scanning File C:\Users\bianca\AppData\Local\mutbihpv.exe 02 Jun 2010 21:46:40 - File C:\Users\bianca\AppData\Local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:46:50 - ***** Scanning Registry Files ***** 02 Jun 2010 21:46:51 - ERROR!!! 
Invalid Entry = hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (in key HKLM\Software\Microsoft\Internet Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}). No Action Taken. 02 Jun 2010 21:47:00 - Invalid Entry DLLName = igfxdev.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui). Action Taken: Deleting Registry Key igfxcui. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry IgfxTray = C:\Windows\system32\igfxtray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry HotKeysCmds = C:\Windows\system32\hkcmd.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry Persistence = C:\Windows\system32\igfxpers.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry HWSetup = \HWSetup.exe hwSetUP (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry NDSTray.exe = NDSTray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Performance Center = C:\Program Files\Ascentive\Performance Center\APCMain.exe -m (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll] in entry [MSServer=rundll32.exe C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll,#1] 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry MSServer = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Host Process = C:\Users\bianca\svchost.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 
02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll] in entry [cmds=rundll32.exe C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll,c] 02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry cmds = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 02 Jun 2010 21:47:07 - Scanning File c:\users\bianca\appdata\local\mutbihpv.exe 02 Jun 2010 21:47:07 - File c:\users\bianca\appdata\local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:47:08 - ***** Scanning Service Files ***** 02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" in HKLM\SYSTEM\CurrentControlSet\Services\Automatisches LiveUpdate - Scheduler. Action Taken: No Action Taken. 02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry \SystemRoot\system32\drivers\blbdrive.sys in HKLM\SYSTEM\CurrentControlSet\Services\blbdrive. Action Taken: No Action Taken. 02 Jun 2010 21:47:24 - ERROR!!! Invalid Entry \??\C:\Users\bianca\AppData\Local\Temp\gkmixern.sys in HKLM\SYSTEM\CurrentControlSet\Services\gkmixern. Action Taken: No Action Taken. 02 Jun 2010 21:47:25 - ERROR!!! Invalid Entry system32\DRIVERS\igdkmd32.sys in HKLM\SYSTEM\CurrentControlSet\Services\igfx. Action Taken: No Action Taken. 02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNMp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNMp50. Action Taken: No Action Taken. 02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNSp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNSp50. Action Taken: No Action Taken. 02 Jun 2010 21:47:34 - C:\Windows\system32\Drivers\sptd.sys not Scanned. Possibly password protected... 02 Jun 2010 21:47:36 - ERROR!!! Invalid Entry c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe in HKLM\SYSTEM\CurrentControlSet\Services\TOSHIBA Bluetooth Service. Action Taken: No Action Taken. 
02 Jun 2010 21:47:36 - ERROR!!! Invalid Entry system32\DRIVERS\TpChoice.sys in HKLM\SYSTEM\CurrentControlSet\Services\TpChoice. Action Taken: No Action Taken. 02 Jun 2010 21:47:41 - ***** Scanning All Drives ***** 02 Jun 2010 21:47:41 - Scanning C:\ Drive 02 Jun 2010 21:50:15 - C:\Boot\BCD not Scanned. Possibly password protected... 02 Jun 2010 21:50:15 - C:\Boot\BCD.LOG not Scanned. Possibly password protected... 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll 02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll 02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 
02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll 02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken. 02 Jun 2010 21:56:43 - C:\Program Files\DAEMON Tools\SetupDTSB.exe not Scanned. Possibly password protected... 02 Jun 2010 22:27:13 - ScanFile took 6.96 Secs [C:\Program Files\Vuze\plugins\azemp\vuzeplayer.exe]... 02 Jun 2010 22:29:24 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4915192e.qua 02 Jun 2010 22:29:24 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4915192e.qua infected by "Gen:Adware.Heur.hq1@Rm!VmBji (DB)" Virus! Action Taken: No Action Taken. |
#2
Internet Explorer and co. constantly open pages

Good morning. The scan has now run through completely. Here are the log files:
__________________02 Jun 2010 21:42:20 - ********************************************************** 02 Jun 2010 21:42:20 - eScan Anti Virus & Spyware Toolkit Utility. 02 Jun 2010 21:42:20 - Copyright © MicroWorld Technologies 02 Jun 2010 21:42:20 - ********************************************************** 02 Jun 2010 21:42:20 - Source: C:\Users\bianca\Desktop\Downloads\mwav.exe 02 Jun 2010 21:42:20 - Version 12.0.26 (C:\USERS\BIANCA\APPDATA\LOCAL\TEMP\MEXETMP.EX~) 02 Jun 2010 21:42:20 - Log File: C:\Users\bianca\AppData\Local\Temp\MWAV.LOG 02 Jun 2010 21:42:20 - MWAV Registered: TRUE 02 Jun 2010 21:42:20 - User Account: bianca (Administrator Mode) 02 Jun 2010 21:42:20 - OS Type: Windows Workstation 02 Jun 2010 21:42:20 - OS: Windows Vista [OS Install Date: 24 Dec 2007 21:25:27] 02 Jun 2010 21:42:20 - Ver: Personal Service Pack 2 (Build 6002) 02 Jun 2010 21:42:20 - System Up Time: 59 Minutes, 37 Seconds 02 Jun 2010 21:42:20 - Windows Root Folder: C:\Windows 02 Jun 2010 21:42:20 - Windows Sys32 Folder: C:\Windows\system32 02 Jun 2010 21:42:20 - DHCP NameServer: 192.168.2.1 02 Jun 2010 21:42:20 - Interface0 DHCPNameServer: 192.168.2.1 02 Jun 2010 21:42:20 - Local Fixed Drives: c:\,e:\ 02 Jun 2010 21:42:20 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 02 Jun 2010 21:42:20 - [CREATED ZIP FILE: C:\Users\bianca\AppData\Local\Temp\pinfect.zip] 02 Jun 2010 21:42:20 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ****** 02 Jun 2010 21:42:36 - C:\Windows\system32\CE6AF3E6A1.sys (8), 29-Dec-2007 [HSR] [Added C:\Windows\system32\CE6AF3E6A1.sys to ZIP FILE] 02 Jun 2010 21:42:43 - C:\Windows\system32\D3DCompiler_42.dll (1974616), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:42:44 - C:\Windows\system32\d3dcsx_42.dll (5501792), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:42:44 - C:\Windows\system32\d3dx11_42.dll (235344), 02-Jun-2010, 
Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:42:50 - C:\Windows\system32\deployJava1.dll (411368), 02-Jun-2010, Sun Microsystems, Inc., Java(TM) Platform SE 6 U20 02 Jun 2010 21:44:19 - C:\Windows\system32\tzres.dll (2048), 26-May-2010, Microsoft Corporation, Betriebssystem Microsoft® Windows® 02 Jun 2010 21:44:34 - C:\Windows\system32\X3DAudio1_5.dll (23376), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\xactengine3_2.dll (238088), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\xactengine3_3.dll (235856), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\xactengine3_5.dll (238936), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAPOFX1_1.dll (68616), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAPOFX1_2.dll (70992), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAPOFX1_3.dll (69464), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAudio2_2.dll (509448), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAudio2_3.dll (514384), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:35 - C:\Windows\system32\XAudio2_5.dll (515416), 02-Jun-2010, Microsoft Corporation, Microsoft® DirectX for Windows® 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\BACKUP.65854536.mexe.com (2353736), 02-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\bdc.exe (91904), 02-Jun-2010, MicroWorld Tech, eScan 02 Jun 2010 21:44:48 - 
C:\Users\bianca\AppData\Local\Temp\bdfltlib2k.dll (231944), 02-Jun-2010, MicroWorld Technologies Inc., eScan for Windows 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\clean.bat (11), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\clean.bat to ZIP FILE] 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\download.exe (934920), 02-Jun-2010, MicroWorld Technologies Inc., eScan 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\encdec.dll (120328), 02-Jun-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\erootdrv.sys (13832), 02-Jun-2010, MicroWorld Technologies Inc., eScan/MWAV 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\mexe.com (2476616), 02-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\msvclnt.dll (236040), 02-Jun-2010, MicroWorld Technologies Inc., MailScan 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\MWAVSCAN.COM (2353736), 02-Jun-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\plugins.htm (3498), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\plugins.htm to ZIP FILE] 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\red32.dll (10248), 02-Jun-2010, Microsoft Corporation, Microsoft® Windows® Operating System 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\reload.exe (154632), 02-Jun-2010, MicroWorld Technologies Inc., eScan for Windows 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\setpriv.exe (64008), 02-Jun-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility 02 Jun 2010 21:44:48 - C:\Users\bianca\AppData\Local\Temp\sshnas21.dll (241152), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\sshnas21.dll to ZIP FILE] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\unregx.exe (61960), 02-Jun-2010, 
MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\UPDLL10.DLL (845320), 25-May-2010, MicroWorld Technologies Inc., eScan/MailScan/MWAV 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\viewtcp.exe (573960), 02-Jun-2010, MicroWorld Technologies Inc., ViewTCP 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\Xg1.exe (181248), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\Xg1.exe to ZIP FILE] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\Xg6.exe (200704), 02-Jun-2010 [Added C:\Users\bianca\AppData\Local\Temp\Xg6.exe to ZIP FILE] 02 Jun 2010 21:44:49 - C:\Windows\Fonts, 02-Nov-2006 [SR] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\ftpcache, 19-Apr-2008 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\logo_1.exe, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Windows\Media, 02-Nov-2006 [SR] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\msdownld.tmp, 16-Apr-2007 [H] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\RUNDL132.EXE, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Windows\VDLL.DLL, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Windows\system32\Microsoft, 02-Nov-2006 [S] [Folder] 02 Jun 2010 21:44:49 - C:\Windows\system32\runouce.exe, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Boot, 13-Apr-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Config.Msi, 02-Jun-2010 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Documents and Settings, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Dokumente und Einstellungen, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData, 02-Nov-2006 [H] [Folder] 02 Jun 2010 21:44:49 - C:\Programme, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\AVCBack, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\div4162.tmp, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\FtpTemp, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - 
C:\Users\bianca\AppData\Local\Temp\FtpTempF, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\IM, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\Log, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\plugins, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Local\Temp\tmp00007fd8, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\Avira, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\Microsoft, 24-Dec-2007 [S] [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\QuickStoresToolbar, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Users\bianca\AppData\Roaming\SecuROM, 11-Jan-2008 [HR] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Anwendungsdaten, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Application Data, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\CanonBJ, 21-Jul-2008 [H] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Desktop, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\DivX, 30-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Documents, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Dokumente, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\FarmFrenzy3_Russia, 28-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Favoriten, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Microsoft, 02-Nov-2006 [S] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\MicroWorld, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Start Menu, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Startmenü, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Templates, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\Vorlagen, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Boot, 13-Apr-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - 
C:\ProgramData\..\Config.Msi, 02-Jun-2010 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Documents and Settings, 02-Nov-2006 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Dokumente und Einstellungen, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\ProgramData, 02-Nov-2006 [H] [Folder] 02 Jun 2010 21:44:49 - C:\ProgramData\..\Programme, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Alawar Entertainment, 28-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\ClearProg, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Creative Installation Information, 21-Feb-2008 [H] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Games, 31-May-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Gemeinsame Dateien, 24-Dec-2007 [HS] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Ubisoft, 01-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Xfire, 09-Jan-2008 [S] [Folder] 02 Jun 2010 21:44:49 - C:\Program Files\Common Files\MicroWorld, 02-Jun-2010 [Folder] 02 Jun 2010 21:44:49 - ********************************************************************************************* 02 Jun 2010 21:44:49 - Command Line Options Given: /xsign 02 Jun 2010 21:44:58 - Latest Date of files inside MWAV: Wed Jun 2 21:52:41 2010. 02 Jun 2010 21:44:58 - Plugins FileCount: 681 Sign Version: 7.31986 02 Jun 2010 21:44:59 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\bianca\AppData\Local\Temp\ESCANDB.LOG] 02 Jun 2010 21:45:00 - Loaded/Created FileScan Database... 02 Jun 2010 21:45:00 - Loading AV Library [DB]... 02 Jun 2010 21:45:06 - AV Library Loaded [DB-DIRECT]. 02 Jun 2010 21:45:06 - MWAV doing self scanning... 02 Jun 2010 21:45:07 - MWAV files are clean. 
02 Jun 2010 21:45:12 - Virus Database Date: 02 Jun 2010
02 Jun 2010 21:45:12 - Virus Database Count: 6121217
02 Jun 2010 21:45:35 - **********************************************************
02 Jun 2010 21:45:35 - eScan Anti Virus & Spyware Toolkit Utility.
02 Jun 2010 21:45:35 - Copyright © MicroWorld Technologies
02 Jun 2010 21:45:35 -
02 Jun 2010 21:45:35 - Support: support@escanav.com
02 Jun 2010 21:45:35 - Web: eScan - AntiVirus & Content Security
02 Jun 2010 21:45:35 - **********************************************************
02 Jun 2010 21:45:35 - Version 12.0.26[DB] (C:\USERS\BIANCA\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
02 Jun 2010 21:45:35 - Log File: C:\Users\bianca\AppData\Local\Temp\MWAV.LOG
02 Jun 2010 21:45:35 - User Account: bianca (Administrator Mode)
02 Jun 2010 21:45:35 - Windows Root Folder: C:\Windows
02 Jun 2010 21:45:35 - Windows Sys32 Folder: C:\Windows\system32
02 Jun 2010 21:45:35 - OS: Windows Vista [OS Install Date: 24 Dec 2007 21:25:27]
02 Jun 2010 21:45:35 - Ver: Personal Service Pack 2 (Build 6002)
02 Jun 2010 21:45:35 - Latest Date of files inside MWAV: Wed Jun 2 21:52:41 2010.
02 Jun 2010 21:45:35 - Plugins FileCount: 681 Sign Version: 7.31986
02 Jun 2010 21:45:43 - Options Selected by User:
02 Jun 2010 21:45:43 - Memory Check: Enabled
02 Jun 2010 21:45:43 - Registry Check: Enabled
02 Jun 2010 21:45:43 - StartUp Folder Check: Disabled
02 Jun 2010 21:45:43 - System Folder Check: Disabled
02 Jun 2010 21:45:43 - Services Check: Enabled
02 Jun 2010 21:45:43 - Scan Spyware: Disabled
02 Jun 2010 21:45:43 - Drive Check: Disabled
02 Jun 2010 21:45:43 - All Drive Check :Enabled
02 Jun 2010 21:45:43 - Folder Check: Disabled
02 Jun 2010 21:45:43 - SCAN: All_Files
02 Jun 2010 21:45:43 - MWAV Mode: Only Scan files (Do Not Clean)
02 Jun 2010 21:45:45 - ***** Scanning Memory Files *****
02 Jun 2010 21:46:40 - Scanning File C:\Users\bianca\AppData\Local\mutbihpv.exe
02 Jun 2010 21:46:40 - File C:\Users\bianca\AppData\Local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:46:50 - ***** Scanning Registry Files *****
02 Jun 2010 21:46:51 - ERROR!!! Invalid Entry = Preispiraten.de - Preisvergleich (in key HKLM\Software\Microsoft\Internet Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017}). No Action Taken.
02 Jun 2010 21:47:00 - Invalid Entry DLLName = igfxdev.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui). Action Taken: Deleting Registry Key igfxcui.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry IgfxTray = C:\Windows\system32\igfxtray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry HotKeysCmds = C:\Windows\system32\hkcmd.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry Persistence = C:\Windows\system32\igfxpers.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry HWSetup = \HWSetup.exe hwSetUP (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:02 - ERROR!!! Invalid Entry NDSTray.exe = NDSTray.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Performance Center = C:\Program Files\Ascentive\Performance Center\APCMain.exe -m (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll] in entry [MSServer=rundll32.exe C:\Users\bianca\AppData\Local\Temp\efcBusQh.dll,#1]
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry MSServer = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry Host Process = C:\Users\bianca\svchost.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:03 - Invalid DLL [C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll] in entry [cmds=rundll32.exe C:\Users\bianca\AppData\Local\Temp\jkkHxVlM.dll,c]
02 Jun 2010 21:47:03 - ERROR!!! Invalid Entry cmds = C:\Windows\system32\rundll32.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
02 Jun 2010 21:47:07 - Scanning File c:\users\bianca\appdata\local\mutbihpv.exe
02 Jun 2010 21:47:07 - File c:\users\bianca\appdata\local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:47:08 - ***** Scanning Service Files *****
02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" in HKLM\SYSTEM\CurrentControlSet\Services\Automatisches LiveUpdate - Scheduler. Action Taken: No Action Taken.
02 Jun 2010 21:47:10 - ERROR!!! Invalid Entry \SystemRoot\system32\drivers\blbdrive.sys in HKLM\SYSTEM\CurrentControlSet\Services\blbdrive. Action Taken: No Action Taken.
02 Jun 2010 21:47:24 - ERROR!!! Invalid Entry \??\C:\Users\bianca\AppData\Local\Temp\gkmixern.sys in HKLM\SYSTEM\CurrentControlSet\Services\gkmixern. Action Taken: No Action Taken.
02 Jun 2010 21:47:25 - ERROR!!! Invalid Entry system32\DRIVERS\igdkmd32.sys in HKLM\SYSTEM\CurrentControlSet\Services\igfx. Action Taken: No Action Taken.
02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNMp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNMp50. Action Taken: No Action Taken.
02 Jun 2010 21:47:30 - ERROR!!! Invalid Entry \??\C:\Windows\system32\drivers\PDNSp50.sys in HKLM\SYSTEM\CurrentControlSet\Services\PDNSp50. Action Taken: No Action Taken.
02 Jun 2010 21:47:34 - C:\Windows\system32\Drivers\sptd.sys not Scanned. Possibly password protected...
02 Jun 2010 21:47:36 - ERROR!!! Invalid Entry c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe in HKLM\SYSTEM\CurrentControlSet\Services\TOSHIBA Bluetooth Service. Action Taken: No Action Taken.
02 Jun 2010 21:47:36 - ERROR!!! Invalid Entry system32\DRIVERS\TpChoice.sys in HKLM\SYSTEM\CurrentControlSet\Services\TpChoice. Action Taken: No Action Taken.
02 Jun 2010 21:47:41 - ***** Scanning All Drives *****
02 Jun 2010 21:47:41 - Scanning C:\ Drive
02 Jun 2010 21:50:15 - C:\Boot\BCD not Scanned. Possibly password protected...
02 Jun 2010 21:50:15 - C:\Boot\BCD.LOG not Scanned. Possibly password protected...
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMCoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:55 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll
02 Jun 2010 21:55:55 - File C:\Program Files\Common Files\Nero\Lib\NMDataServicesE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreF.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreG.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreH.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreI.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:56 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll
02 Jun 2010 21:55:56 - File C:\Program Files\Common Files\Nero\Lib\NMIndexStoreJ.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll
02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchA.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll
02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchB.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll
02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchC.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll
02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchD.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:55:57 - Scanning File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll
02 Jun 2010 21:55:57 - File C:\Program Files\Common Files\Nero\Lib\NMSearchE.dll infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.
02 Jun 2010 21:56:43 - C:\Program Files\DAEMON Tools\SetupDTSB.exe not Scanned. Possibly password protected...
02 Jun 2010 22:27:13 - ScanFile took 6.96 Secs [C:\Program Files\Vuze\plugins\azemp\vuzeplayer.exe]...
02 Jun 2010 22:29:24 - Scanning File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4915192e.qua
02 Jun 2010 22:29:24 - File C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4915192e.qua infected by "Gen:Adware.Heur.hq1@Rm!VmBji (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 22:29:28 - C:\ProgramData\Avira\AntiVir Desktop\TEMP\avguard.tmp not Scanned. Possibly password protected...
02 Jun 2010 22:31:46 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log not Scanned. Possibly password protected...
02 Jun 2010 22:31:47 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log not Scanned. Possibly password protected...
02 Jun 2010 22:31:51 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb not Scanned. Possibly password protected...
02 Jun 2010 22:31:51 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb not Scanned. Possibly password protected...
02 Jun 2010 22:32:24 - INVALID ATTRIBUTES FOR FOLDER [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB PC Camera ]. IGNORING.
02 Jun 2010 22:40:30 - C:\Users\bianca\AppData\Local\Adobe\Acrobat\8.0\Updater\updater.log not Scanned. Possibly password protected...
02 Jun 2010 22:41:38 - Scanning File C:\Users\bianca\AppData\Local\IM\Identities\{1BF9C0B6-CD0A-43DF-BA2B-29CC48074C61}\Message Store\Attachments\Factura49.zip
02 Jun 2010 22:41:38 - File C:\Users\bianca\AppData\Local\IM\Identities\{1BF9C0B6-CD0A-43DF-BA2B-29CC48074C61}\Message Store\Attachments\Factura49.zip infected by "Gen:Trojan.Heur.bmW@rbTmwAlaf (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 22:48:13 - C:\Users\bianca\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 22:49:22 - Scanning File C:\Users\bianca\AppData\Local\mutbihpv.exe
02 Jun 2010 22:49:22 - File C:\Users\bianca\AppData\Local\mutbihpv.exe infected by "Gen:Variant.NaviPromo.2 (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 23:01:38 - Scanning File C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p?????????
02 Jun 2010 23:01:38 - ERROR(3)!!! ScanFile fails for C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p?????????
02 Jun 2010 23:01:38 - Scanning File C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p?????????
02 Jun 2010 23:01:38 - ERROR(3)!!! ScanFile fails for C:\Users\bianca\AppData\Roaming\SecuROM\UserData\???????????p?????????
02 Jun 2010 23:06:49 - Scanning File C:\Users\bianca\Desktop\imsodx\iMSDOX-ZooTycoon2003P1_Trainer.exe
02 Jun 2010 23:06:49 - File C:\Users\bianca\Desktop\imsodx\iMSDOX-ZooTycoon2003P1_Trainer.exe infected by "Trojan.Generic.3249375 (DB)" Virus! Action Taken: No Action Taken.
02 Jun 2010 23:08:51 - C:\Users\bianca\ntuser.dat.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:16:52 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
02 Jun 2010 23:16:52 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
02 Jun 2010 23:16:54 - C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:16:55 - C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:19:04 - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 not Scanned. Possibly password protected...
02 Jun 2010 23:19:04 - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 not Scanned. Possibly password protected...
02 Jun 2010 23:19:25 - ScanFile took 12.84 Secs [C:\Windows\System32\atioglxx.dll]...
02 Jun 2010 23:20:21 - C:\Windows\System32\catroot2\edb.log not Scanned. Possibly password protected...
02 Jun 2010 23:20:21 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
02 Jun 2010 23:20:21 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\COMPONENTS not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\COMPONENTS.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\DEFAULT not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\DEFAULT.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\COMPONENTS not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\DEFAULT not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SAM not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SECURITY not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SOFTWARE not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\RegBack\SYSTEM not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\SAM not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\SAM.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:20:32 - C:\Windows\System32\config\SECURITY not Scanned. Possibly password protected...
02 Jun 2010 23:20:33 - C:\Windows\System32\config\SECURITY.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:20:33 - C:\Windows\System32\config\SOFTWARE not Scanned. Possibly password protected...
02 Jun 2010 23:20:33 - C:\Windows\System32\config\SOFTWARE.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:20:33 - C:\Windows\System32\config\SOFTWARE.LOG2 not Scanned. Possibly password protected...
02 Jun 2010 23:20:33 - C:\Windows\System32\config\SYSTEM not Scanned. Possibly password protected...
02 Jun 2010 23:20:33 - C:\Windows\System32\config\SYSTEM.LOG1 not Scanned. Possibly password protected...
02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl not Scanned. Possibly password protected...
02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl not Scanned. Possibly password protected...
02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl not Scanned. Possibly password protected...
02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl not Scanned. Possibly password protected...
02 Jun 2010 23:33:05 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl not Scanned. Possibly password protected...
03 Jun 2010 10:48:11 - Scanning E:\ Drive
03 Jun 2010 11:08:58 - ***** Checking for specific ITW Viruses *****
03 Jun 2010 11:08:59 - ***** Scanning complete. *****
03 Jun 2010 11:08:59 - Total Objects Scanned: 207128
03 Jun 2010 11:08:59 - Total Critical Objects: 6
03 Jun 2010 11:08:59 - Total Disinfected Objects: 0
03 Jun 2010 11:08:59 - Total Objects Renamed: 0
03 Jun 2010 11:08:59 - Total Deleted Objects: 0
03 Jun 2010 11:08:59 - Total Errors: 19
03 Jun 2010 11:08:59 - Time Elapsed: 03:10:57
03 Jun 2010 11:08:59 - Virus Database Date: 02 Jun 2010
03 Jun 2010 11:08:59 - Virus Database Count: 6121217
03 Jun 2010 11:08:59 - Scan Completed. |
| #3 |
| Internet Explorer and co. keep opening pages

Me again, here are the files from OTL as well. I'm simply running everything I find in the other threads here. But could someone please take on my case?? That would be great. Thanks again for helping people here like this. :-)

OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 03.06.2010 15:35:30 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\bianca\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 5,95 Gb Free Space | 7,98% Space Free | Partition Type: NTFS
Drive D: | 5,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 73,06 Gb Total Space | 28,99 Gb Free Space | 39,69% Space Free | Partition Type: NTFS
Drive F: | 612,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIANCAS-PC
Current User Name: bianca
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{068ECC26-936E-4E08-986B-F236C6EED446}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe | "{0F47E7C2-3C25-4243-805B-0EF5F7EC145E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{11615A97-33A5-4D20-8A66-05E0D029E8D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{27D8E3C6-B5FD-4C9D-A310-8A496E60D5DA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{2C8D5A6B-44D4-42BE-BB0E-097DB718952F}" = lport=6004 | protocol=17 | dir=in | app=e:\office12\outlook.exe | "{38E528F4-A8F5-4228-97F5-7D85B6643D34}" = lport=7060 | protocol=6 | dir=in | name=84.17.180.120 | "{4F994A27-4587-4BE1-8496-7A6180C98E13}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{605F60A4-0B7D-49CC-9D64-659508158668}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | "{64081A96-BFD3-4BDA-99A6-1B91FFCA05FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6494A7D3-0DFF-4998-AA2D-18BD83360545}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{67BBD2F3-5EDE-4C23-A601-30AD2DB71CC8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6D67E2CD-DABE-4262-B5BF-B96538AFC530}" = rport=3540 | protocol=17 | dir=out | 
svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{74DD70FA-649B-4859-91BA-FD2C6EB20035}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | "{78FF07C0-B66C-4F6E-987A-8D48D247B5C4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7D51151B-BFFC-495C-B23C-772353DDFB3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{80A2FD47-C1AC-4185-ADE3-11FD37761F72}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{86461E19-08ED-480F-9917-DE44C2C7CE56}" = lport=2869 | protocol=6 | dir=in | app=system | "{8873C567-FF8D-48D6-8A20-0D7227AF4A36}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | "{94131767-186E-4B7E-B583-9B728D785E36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{954010F2-85C4-41F1-9A6B-1C42B4DBA748}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9EEE41F7-8760-4BF7-BF4D-E62B016A2C8F}" = lport=7100 | protocol=6 | dir=in | name=hxxp://sadk.e-eis.net | "{AC01D33C-CF3B-4F4B-9983-9C12A09F03CF}" = lport=2869 | protocol=6 | dir=in | app=system | "{C5AEB80B-806F-40C9-AABA-529AFF89BE4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CC0C0615-A2C4-47C7-8814-AB26480CAD9F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe | "{CD2C202E-B289-415E-8EF7-2BC05B687632}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CE802640-1225-4839-B20D-25B8A4B5318B}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | "{D39C02F2-E980-4176-95C9-AAFE53BD4FFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DAF1FC81-D611-4942-A68D-C447BD1663E6}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{E3C2771C-4EE6-4472-9D29-8C764FE00575}" = lport=2869 | protocol=6 | dir=in | app=system | "{ECF4CB68-C710-429A-9146-B3A7FC4767D3}" = lport=80 | protocol=6 | dir=in | app=system | "{EFEF95CD-A358-4062-B67D-B6C183F193D4}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe | "{F95320D9-D91C-490B-84F5-9DEE49BD8D44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03D06829-19BA-4C1A-AE8C-0ACAD7A53EDB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{03E10E59-805B-4543-99E6-9274C615B11C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{05F32B33-702B-4E27-A86E-538F5732C364}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{0FC18158-4EC4-43C7-9C02-77DB9116E32F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{17360FDA-804B-481F-8FDD-2997FD6B08B6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{188301AB-0905-4A17-ADF4-D2D7ABB3B8E2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{1A1AC003-2D93-487E-8DCF-E71F18414261}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "{20046A3C-1377-4891-B58B-C63FE1423640}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{3409AE99-BE65-4174-B072-86B5BFD44AF0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{377504DC-8727-4769-8855-C34388C54EB0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{37CC9DF4-DE61-4A37-9ECB-72D551F734DE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{4926188D-A666-47C1-9AFE-DF14B6CB5E1C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{49285878-59E7-445E-BC76-93AB5E52D898}" = protocol=6 | 
dir=in | app=c:\program files\icq7.0\aolload.exe | "{54009EBB-9C8C-4A31-8AAD-3F213024C9A3}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | "{54D655EF-44CC-4582-8B7A-092AD4F459F4}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{5677F59C-E0E6-4CEB-B3A4-1CD97075D842}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{5965D249-4349-4480-B28C-647536C39E47}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{5D3CBCAE-8949-4BFC-BF6E-93A2387E04AA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{61795B46-C5C4-43F4-941C-9B9350259CA0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{6AB9C893-42C5-41F0-A3CB-FD99DEAFA51B}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | "{6EA9A59A-C025-4055-BCA0-18588514B83B}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe | "{786DEF3E-288C-465B-9E47-02BF1FAC3A07}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | "{8488A4C0-8E25-4243-9183-B068862EBCAC}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | "{935B27B6-7EBF-4E24-A97B-3CA0874238DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9E4A50FE-22B3-4F3A-B42A-9C1223A74BAE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{9F9E35AE-03C7-4FD7-A745-7483C108B25A}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{9FF3D209-2793-45C6-9C35-3B7A9D5C3A60}" = protocol=6 | dir=in | app=e:\office12\onenote.exe | "{A087952D-45F7-41B7-83CA-1035B44EBB02}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{A0C7C87C-2D4A-4D23-A7F0-F3670096B63D}" = protocol=6 | dir=in | app=e:\office12\groove.exe | "{A37B206E-1F21-472E-BD3D-CC2B843E9723}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{A3B0D00E-B998-4F26-A5A7-C5FA90807094}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | "{A4ADFC6F-D9BD-4868-B916-010A6E197EA5}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{ADFA35EB-7C07-43CC-8F32-C8E4B81694E7}" = protocol=17 | dir=in | app=e:\office12\onenote.exe | "{B1D8115C-0419-48BB-8365-EE5EA4F785CB}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{B9BF67D0-22FF-410E-9FFB-3228630B54F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C4BE151B-AEDD-41CC-964C-F45EAD9FB67C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{C8BC6A8F-4760-408B-80D9-539E0E036380}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{C997DD90-B58E-4774-965E-D6F81F782886}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CDC7560F-7A5A-4E4F-B9C3-31A511438C4E}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe | "{D20F122D-F1D1-4B26-A582-45E92FEB319C}" = protocol=17 | dir=in | app=e:\office12\groove.exe | "{D8A29F5D-E135-429A-AAD1-A1551E6C1A2D}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{E4C3F5E1-19B6-4E7F-9786-EE8072D26683}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft totalmedia\totalmedia.exe | "{E5718534-DBEA-4688-B91B-92C2406C802E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{E6C7DD93-33B6-4011-AEE0-6A2900B58207}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{E79E5147-B741-4604-A032-30F9913BE659}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{ECFB19C2-00E8-4EB9-83AE-041AEBC85687}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{EE50654B-A6D8-4931-8A6A-5B10503D3184}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F8BABA07-F01D-4DB5-B207-8F45BE64432E}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{FCCB2A33-014B-42D3-8B8A-40192567581B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{0B84E3EE-4F81-4205-BB8F-6FDB8476AC1E}C:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "TCP Query User{2D3AAFA8-D63E-43C1-AA82-357D71143254}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{2D90B3DA-EA93-4BE8-B3B4-444F8CEA0E20}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{440A5B37-210D-4F56-8894-0DEB6FA54793}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "TCP Query User{597E5DD2-68F8-4C41-8A78-3A42E3B9AF16}C:\program files\emcrypt v4.1\emcrypt.exe" = protocol=6 | dir=in | app=c:\program files\emcrypt v4.1\emcrypt.exe | "TCP Query User{6C1135F6-1B50-4F27-839F-B1CD2556AFDC}E:\die siedler - aufbruch der kulturen\bin\sadk.exe" = protocol=6 | dir=in | app=e:\die siedler - aufbruch der kulturen\bin\sadk.exe | "TCP Query User{7E8A571D-5806-4D22-808B-C0926C540E9C}C:\program files\wyzo\wyzo.exe" = protocol=6 | dir=in | app=c:\program files\wyzo\wyzo.exe | "TCP Query User{A6ADB237-0134-438A-9E42-1F2EB2DB4813}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | "TCP Query User{B02371AE-3DE9-4FAD-9EC6-7EE723522391}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{D20FB5F5-C7AB-45B9-93CE-2A1E24911051}C:\program files\web.de\web.de 
multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | "TCP Query User{E5B1E14B-B2B9-4B6D-9BB3-D05B42E27272}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{EAA38AAB-7619-4799-9F27-4A3C75186982}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{0390F194-2AB5-409E-9E96-96164E1175FB}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{10E393BE-F339-48B2-8A28-184C561A0CE2}C:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "UDP Query User{1D600A05-0725-4189-B8FD-83F01DBA540C}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{5E8BA695-7B44-4C6A-B6C4-0B813B903271}C:\program files\emcrypt v4.1\emcrypt.exe" = protocol=17 | dir=in | app=c:\program files\emcrypt v4.1\emcrypt.exe | "UDP Query User{69A9DE51-B116-4AE0-9483-3C1A33708C22}E:\die siedler - aufbruch der kulturen\bin\sadk.exe" = protocol=17 | dir=in | app=e:\die siedler - aufbruch der kulturen\bin\sadk.exe | "UDP Query User{6C1B4677-FC0A-45DB-A964-BFCE48E84F05}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{6EC6623F-5A63-41F4-8391-BF1BAF93D1AA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{74BE3A19-567C-4342-993F-1EE00C5C0D8B}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | "UDP Query User{BCD0A0D6-F200-4830-890B-EFEFA60C1688}C:\program files\real\realplayer\realplay.exe" = 
protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{EE2FB5F8-595B-4349-83E0-6E36AC07D294}C:\program files\web.de\web.de multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files\web.de\web.de multimessenger\messengr.exe | "UDP Query User{F0CEAA7E-1B98-4E02-B37A-4147782C98F4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{FD951006-FCD0-41E7-AFE1-3CF3346BDFC9}C:\program files\wyzo\wyzo.exe" = protocol=17 | dir=in | app=c:\program files\wyzo\wyzo.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00004EE8-1E8B-BB10-6588-07DF0D120F6B}" = CCC Help Korean "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E107FC-1861-FC4A-E80F-07DA9DC5808C}" = Catalyst Control Center Graphics Previews Vista "{03C55715-3545-2DF8-8C64-2BB877955150}" = Catalyst Control Center Localization Chinese Traditional "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0755396F-D048-8CDD-6AC3-C7C83A6869B5}" = CCC Help Czech "{08B7B1F9-A8EB-7632-FFC3-04AB5328143B}" = CCC Help Chinese Standard "{09F52B2B-8B36-130C-5EBD-6E5FFC5FA0B7}" = CCC Help English "{0E1C53DA-DF86-845A-7BEB-14C4A8E0B150}" = Catalyst Control Center Localization Korean "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel "{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals "{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker "{15B924BC-AEB2-7E31-F414-1FC7B385846A}" = CCC Help Greek "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20CFE038-F4CE-0716-DCA0-04BBD67FE5EA}" = CCC Help Turkish "{2126F5BB-AB90-083F-7AA8-A29D73819DAA}" = CCC Help French "{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{26E6EA50-532C-8CF3-5EB4-8C8D306EAB58}" = Catalyst Control Center Localization Polish "{27CD3616-D3B0-834C-89A3-4FC5CEE7374D}" = Catalyst Control Center Graphics Full Existing "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28912B61-0265-3C33-7EC7-14345AC76E3D}" = CCC Help Hungarian "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2D06C1FE-8454-5663-D0E9-1C130FD96446}" = Catalyst Control Center Localization Norwegian "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{30F9E15A-EE25-6D32-62CE-2E6BEAED3766}" = CCC Help Italian "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{342A19C7-3335-C02F-F1DD-3A0B49C3D047}" = Catalyst Control Center Localization Greek "{34EF4F67-A3CE-DAB6-FA06-7C4C59A0D462}" = Catalyst Control Center Localization Swedish "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CE22BE4-E2D3-F0E8-1C52-1B5A5F97B876}" = Catalyst Control Center Localization Turkish "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{400F4990-B111-109A-6B08-E80CB42651AA}" = Catalyst Control Center Localization Danish "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI 
Catalyst Install Manager "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44479884-EB6D-38DA-1D3E-835625E40F7E}" = Catalyst Control Center Graphics Previews Common "{480CA9F1-17E2-0B15-9684-511C0A083F92}" = Catalyst Control Center Localization Thai "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F31172C-2692-BB28-8F5B-86474CEC5D33}" = Catalyst Control Center Localization Chinese Standard "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54AAFB71-6DCB-32EB-8F91-DA7643497ED4}" = Catalyst Control Center Localization Spanish "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5D1CB0EC-0CA2-B4FD-2A10-2503A3CF7E46}" = Catalyst Control Center Localization Italian "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5EFE618D-0100-6DE7-9894-5FD057103871}" = Catalyst Control Center Core Implementation "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{63D10FBD-5667-DAD9-0B31-CED873B3F7EF}" = Catalyst Control Center Graphics Light "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7936153F-8D09-BC11-6DC4-1D4DEAB9D680}" = CCC Help Thai "{7B63B2922B174135AFC0E1377DD81EC2}" = "{816B8A02-76F0-AE47-E28F-0AD114CC261E}" = CCC Help Polish "{82AB4F83-BBBA-8F04-EE34-11F74E39A4B6}" = Catalyst Control Center Localization German "{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21 "{86158699-F584-0DC9-119D-C5A6591090FB}" = CCC Help Chinese Traditional "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft 
Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{920E3F1A-0B73-807D-EE0E-E6D89D4E5DDE}" = Catalyst Control Center Localization Dutch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{985AF15E-776F-3CDD-EB92-2DAFF02697FB}" = Skins "{98CE747E-4948-10B0-BBF0-5981A11114D1}" = Catalyst Control Center Localization Hungarian "{99F54171-AE4A-579B-1544-5870478FC8F7}" = Catalyst Control Center Graphics Full New "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple 
Mobile Device Support "{9EDBB857-8028-49CD-B9C9-0B4D10CD1031}" = Nero 8 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A1BAD23B-748C-50FD-CCA9-956C3F54D138}" = CCC Help German "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD82299-8034-4B44-4FDB-3F8971C20575}" = CCC Help Finnish "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch "{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682 "{ACE07E37-A416-9A6B-D352-C776FFA49493}" = CCC Help Spanish "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2AEC44B-F926-773D-D028-77CADEF8D9D3}" = CCC Help Norwegian "{B537ACDB-7C56-83B6-034C-A5AF6400F789}" = CCC Help Swedish "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{B8AB4511-EECC-9299-45B3-F25F4774F6F2}" = CCC Help Russian "{BD75C1A0-F0ED-B54A-B49C-3244B47BA803}" = ccc-utility "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6317675-96CC-D2AE-40F2-698F3DED64B4}" = CCC Help Portuguese "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C7FAEA9E-A14C-D8C9-EEE9-8D43F9E09565}" = Catalyst Control Center Localization Czech "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CC35C434-FFC8-BDD8-44F0-ED0972484C56}" = CCC Help Dutch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D646CA8B-5227-1598-5E9C-132B2D89A38D}" = Catalyst Control Center Localization Japanese "{D8E302CB-8517-3E9B-C6C9-E90A21C6EFC5}" = CCC Help Danish "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = 
LiveUpdate Notice (Symantec Corporation) "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0BB634D-B374-A329-EE5D-22C279F92A7F}" = ccc-core-static "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C1426C-6670-4068-6398-EB490D45979F}" = Catalyst Control Center Localization Portuguese "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8B5B814-A3BF-F83F-09ED-AED9EE88211A}" = Catalyst Control Center Localization French "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F927176F-F8F0-FACF-A57E-4F95714B6F00}" = Catalyst Control Center Localization Russian "{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = USB PC Camera "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FA7BB878-FC13-7548-13D3-18A53381014D}" = CCC Help Japanese "{FB56EE4D-7CBC-6FDC-E336-52BD269E4CF6}" = Catalyst Control Center Localization Finnish "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3DSex_Villa_ThriXXX" = 3DSex_Villa_ThriXXX "8461-7759-5462-8226" = Vuze "ActiveXControlPad" = Microsoft ActiveX Control Pad "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir 
Desktop" = Avira AntiVir Personal - Free Antivirus "ClearProg" = ClearProg 1.6.0 Final "Diner Dash 5 Boom Collector's Edition H33T" = Diner Dash 5 Boom Collector's Edition H33T "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Dr. DivX 1.0 Beta" = Dr. DivX 1.0 Beta "ecmkjc" = Favorit "ENTERPRISE" = Microsoft Office Enterprise 2007 "Farm Frenzy 3 Russian Roulette 1.0" = Farm Frenzy 3 Russian Roulette 1.0 "Farm Frenzy Pizza Party 1.00" = Farm Frenzy Pizza Party 1.00 "ffdshow_is1" = ffdshow [rev 1828] [2008-01-29] "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "FotokalenderDigitalPrintLab3" = DigitalPrintLab3 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "IncrediMail" = IncrediMail 2.0 "InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "LogonStudio Vista" = LogonStudio Vista "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "myphotobook" = myphotobook 3.1 "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control "PDF-ShellTools_is1" = PDF-ShellTools 1.0.0.9 Trial "PhotoMail" = PhotoMail Maker "Picasa 3" = Picasa 3 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0 "RealPlayer 6.0" = RealPlayer "Rommé 1" = Rommé 1 "SADK" = Die Siedler - Aufbruch der Kulturen "SynTPDeinstKey" = Synaptics Pointing Device Driver "SysInfo" = Creative Systeminformationen "T-Online eMail Center Desktop-Startsymbol Fax" = T-Online eMail Center Desktop-Startsymbol Fax 1.0 "TOSHIBA Software Modem" = TOSHIBA Software Modem "VLC media player" = VideoLAN VLC media player 0.8.1 "Vuze_Remote Toolbar" = Vuze_Remote Toolbar "WEB.DE SmartSurfer" = WEB.DE SmartSurfer "WildTangent hp Master Uninstall" = HP Games "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "XP-Games JRE" = XP-Games JRE "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2010 08:05:33 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4850321 Error - 03.06.2010 08:05:34 | Computer Name = biancas-PC | Source = Bonjour 
Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.06.2010 08:05:34 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4851397 Error - 03.06.2010 08:05:34 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4851397 Error - 03.06.2010 08:05:39 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.06.2010 08:05:39 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4856108 Error - 03.06.2010 08:05:39 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4856108 Error - 03.06.2010 08:05:41 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.06.2010 08:05:41 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4857933 Error - 03.06.2010 08:05:41 | Computer Name = biancas-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4857933 [ System Events ] Error - 02.06.2010 14:44:46 | Computer Name = biancas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.06.2010 14:44:46 | Computer Name = biancas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.06.2010 14:44:46 | Computer Name = biancas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.06.2010 14:50:35 | Computer Name = biancas-PC | Source = bowser | ID = 8003 Description = Error - 02.06.2010 15:26:39 | Computer Name = biancas-PC | Source = bowser | ID = 8003 Description = 
Error - 02.06.2010 16:02:38 | Computer Name = biancas-PC | Source = bowser | ID = 8003 Description = Error - 02.06.2010 16:26:37 | Computer Name = biancas-PC | Source = bowser | ID = 8003 Description = Error - 03.06.2010 08:10:17 | Computer Name = biancas-PC | Source = bowser | ID = 8003 Description = Error - 03.06.2010 08:50:19 | Computer Name = biancas-PC | Source = bowser | ID = 8003 Description = Error - 03.06.2010 09:14:20 | Computer Name = biancas-PC | Source = bowser | ID = 8003 Description = < End of report > |
#4

May I ask why nobody here is answering me?? Did I post the wrong log files? Or do something else wrong? Please, the pages are still opening, sometimes more, sometimes less. Can nobody help me?
#5

Me again. Please, why is nobody answering me????? Since today I can hardly get rid of the virus alerts. It seems to be one and the same each time: TR/Dldr.Renos. and then again and again with new suffixes. Please, my antivirus program doesn't seem to be able to get the better of it. It keeps coming back!!!! I actually wanted to attach something as well, but it is too large. I wanted to show you which things my program is displaying. Anyway, it's always this Renos. Mostly with the suffix LX.1 or KF.1960. Please help me!!!!!

Edited by Bianca28 (06.06.2010 at 11:24)
#6

Here are the log files from Malwarebytes. It found 7 and couldn't delete one of them, but I don't know which one. Please help me. I'm slowly getting really desperate!!!!
#7

Quote:

Stay calm. I'll help you. I'll get back to you once I've looked through the logs. Best regards.

__________________
Arrogance is the self-confidence of the inferiority complex. (Jean Rostand)
#8

You only posted the one log from OTL. You have to post both: # When the scan has finished, 2 log files are created
#9

So I'm just quickly writing from my phone. The quick scan found one thing, so I'm now running the full one. It has already been taking a few hours and I think it still needs a few more. What should I do when it's finished? Should I delete what it finds?
#10

Quote:

Then post the log at the end.