| |
| |||||||
Log-Analyse und Auswertung: TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
21.04.2011, 16:27
| #1 |
| |  TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter Hallo Ich hab mich über diesen Virus informiert und sehe dass mein Computer unter die gleichen Symptomen leidet. Also hab ich das mit OTL gemacht und hab beide Textdateien vor mir. Ich weiss ab jetzt nicht mehr was ich weiter tun soll und wäre froh wenn mir jemand weiter helfen könnte. Vor dem ich "Run Scan" geklickt habe, habe ich folgendes eingestellt (wie bei einem anderen Thread erklärt): Output: Minimal Output Extra Registry: Use SafeList LOP Check: angekreuzt Purity Check: angekreuzt Sonst hab ich alles wie es steht gelassen. Ich bedanke mich schon im voraus für eure Hilfe. Hier mal die beide Logfiles: ______________________ OTL Extras Lofile:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 16:20:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\phoebe\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,95 Gb Total Space | 84,89 Gb Free Space | 29,48% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,57 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
Drive E: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: LOLA | User Name: phoebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B61B9C8-2BB9-4827-BBDF-2CA6DD8D01DB}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{56B67FCC-399E-46B6-8268-C8A97F5ED093}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{872699D6-5F04-4760-9A80-B041756BD51A}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{B5E863F1-25AA-44C5-AAFE-B91E1814D976}" = lport=22 | protocol=6 | dir=in | name=ssh |
"{BC4E987E-59B0-4013-8839-21037567A32A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D948290F-2AD5-457F-B0FE-14B2CFE7FB59}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003A76CB-D213-46F3-938A-9784CE7751E7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0141DED5-26AC-4C95-A84B-7496E7CCE303}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{02FAD7C9-BA88-4CA0-BA32-5046239CBABF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{0598D4EE-E999-4A44-9378-239161E3F462}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A4719F4-A5BD-4811-8799-493E4BE03122}" = protocol=17 | dir=in | app=c:\windows\temp\inode_config.exe |
"{168BDD1E-F695-4ABB-9CB4-470CAB8BD8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F3A04FE-45AD-494E-94EB-EF829FB50D18}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{25008F06-51F4-4032-9688-13D988DDF99C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F4A5C85-0ABE-4216-912F-E5A5A8F7BC5B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{2F7523AD-4438-45B4-A96C-EC86B71EB3DE}" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"{332A6A2F-23F1-4992-B849-97F22740BD55}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{38D5B699-F49E-4B31-A56A-DC51DDCAEC0E}" = protocol=6 | dir=in | app=c:\windows\temp\inode_config.exe |
"{579BF796-ABE1-46F6-9888-5D0CF320C42A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{6348C8F8-2DC9-43F8-A793-F2385161E98D}" = protocol=17 | dir=in | app=c:\users\phoebe\appdata\roaming\dropbox\bin\dropbox.exe |
"{6A8D7EA9-E1BE-40B4-AD27-A8E58FA6C2DB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{8C8FD454-2E1B-4623-9EFB-FEDFBE52E20A}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{9E8D4868-F879-46A8-B51D-7AC6D6F1A778}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{B77722EE-8325-4211-A0C3-7C0AD40A7C34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B96B6A81-96B3-4E11-9BC5-44B15532E986}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{C416F4C8-045C-402A-A6B7-67EBD98D65A5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C4800F00-188F-4D6B-ADBE-EF82EF2B6ACB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D5A4524E-9550-49D7-8EDA-1F42B707952E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E4DE8905-F292-440E-86AF-54559C691F10}" = protocol=6 | dir=in | app=c:\users\phoebe\appdata\roaming\dropbox\bin\dropbox.exe |
"{ECE8680B-F91A-4E27-8FCA-3FDDC1C30C98}" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"{F5EF69D8-9FCF-41A1-8D44-148B3A64F15A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{329DF8A0-208C-4690-BA5A-56A49437594C}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe |
"TCP Query User{4EDCC1EE-C501-4446-9398-CDAE3D5930E3}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"TCP Query User{A50843ED-11D0-4D4F-80F5-D21C3F6B12B5}C:\program files\graphisoft\archicad 14\gsreport.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 14\gsreport.exe |
"TCP Query User{A60DA297-02D9-471B-9E87-1288C1E89F5D}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{C77FC699-05E6-4F8F-8941-6DD816A41991}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe |
"TCP Query User{DBC3DA58-E0BC-43C6-94AF-5D49584B30A7}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
"TCP Query User{ECCC239C-AEB0-4A69-B9C6-B8C8B30C6511}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
"UDP Query User{15EC4679-0B31-4A8B-9384-6718D6E1CC98}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{68B232D5-8060-43FF-A9BD-0B2B49E49DBF}C:\program files\graphisoft\archicad 14\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\archicad.exe |
"UDP Query User{9658FB90-1C1A-4A69-B38F-85DAE3CB2F68}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
"UDP Query User{E526034D-80CF-4582-8630-2E08181772DF}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe |
"UDP Query User{EDF92636-5842-40DF-A3EF-ED72E04599BC}C:\program files\graphisoft\archicad 13\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 13\archicad.exe |
"UDP Query User{FAB03D31-6230-49D8-9F0E-B0E48680D0D7}C:\program files\graphisoft\archicad 14\gsreport.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 14\gsreport.exe |
"UDP Query User{FBCFED77-3DD4-4E2F-A26C-80D10EDE5F0D}C:\program files\graphisoft\archicad 12\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 12\archicad.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{99484975-321E-495B-8171-2797B82392DD}" = inode FTP
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"001FFF1FFF13FF00FF0901F00F02F000-R1" = ArchiCAD 13 AUT
"001FFF1FFF14FF00FF0901F01F02F000-R1" = ArchiCAD 14 AUT
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"EPSON S21 Series" = EPSON S21 Series Printer Uninstall
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GoToAssist" = GoToAssist 8.0.0.514
"inode FTP" = inode FTP
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"ScanQuery" = ScanQuery 1.0 build 121 powered by FIRST SEARCHBAR
"Security Task Manager" = Security Task Manager 1.8c
"ShopperReportsSA" = ShopperReports
"Sibelius 6 Demo_is1" = Sibelius 6.1.0.3 Demo
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.04.2011 02:51:08 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.04.2011 02:51:08 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25569
Error - 18.04.2011 02:51:08 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25569
Error - 18.04.2011 05:29:19 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.04.2011 05:29:19 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1389
Error - 18.04.2011 05:29:19 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1389
Error - 18.04.2011 05:29:20 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.04.2011 05:29:20 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2418
Error - 18.04.2011 05:29:20 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2418
Error - 18.04.2011 05:29:21 | Computer Name = lola | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ System Events ]
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error - 21.04.2011 04:26:32 | Computer Name = lola | Source = disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\DR0 gefunden.
Error - 21.04.2011 08:29:59 | Computer Name = lola | Source = Service Control Manager | ID = 7034
Description =
Error - 21.04.2011 09:49:56 | Computer Name = lola | Source = HTTP | ID = 15016
Description =
Error - 21.04.2011 09:51:00 | Computer Name = lola | Source = DCOM | ID = 10016
Description =
Error - 21.04.2011 09:51:18 | Computer Name = lola | Source = Service Control Manager | ID = 7000
Description =
Error - 21.04.2011 09:51:18 | Computer Name = lola | Source = Service Control Manager | ID = 7009
Description =
Error - 21.04.2011 10:00:17 | Computer Name = lola | Source = Service Control Manager | ID = 7022
Description =
< End of report >
_______________________________________ OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.04.2011 16:20:18 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\phoebe\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,95 Gb Total Space | 84,89 Gb Free Space | 29,48% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 4,57 Gb Free Space | 45,74% Space Free | Partition Type: NTFS Drive E: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: LOLA | User Name: phoebe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\phoebe\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\cygwin\usr\sbin\sshd.exe () PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) PRC - C:\cygwin\bin\cygrunsrv.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\phoebe\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ScanQuery Service) -- File not found SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (sshd) -- C:\cygwin\bin\cygrunsrv.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.) DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "www.google.at" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}:1.0 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011.04.19 21:59:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.30 02:24:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.19 22:07:51 | 000,000,000 | ---D | M] [2009.07.08 22:10:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\phoebe\AppData\Roaming\mozilla\Extensions [2011.04.20 17:21:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions [2011.04.20 18:45:48 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.20 18:45:48 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.20 18:45:48 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\phoebe\AppData\Roaming\mozilla\Firefox\Profiles\funpck7m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.03.29 00:20:24 | 000,000,873 | -H-- | M] () -- C:\Users\phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\funpck7m.default\searchplugins\conduit.xml [2011.04.19 21:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.06 15:51:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.04.19 21:59:39 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Programme\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} [2009.08.05 16:55:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.11.28 15:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.07.06 15:51:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.04.19 21:59:39 | 000,000,000 | ---D | M] (ScanQuery) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64} [2011.04.19 21:59:18 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.07 18:38:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.07 18:38:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.07 18:38:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.07 18:38:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.07 18:38:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ares] File not found O4 - HKCU..\Run: [bMDKqKPoEawbT] C:\ProgramData\bMDKqKPoEawbT.exe (BitSprx) O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B5 00 00 00 [binary data] O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.07.24 01:23:12 | 000,000,077 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ] O32 - AutoRun File - [2008.09.09 20:31:36 | 000,000,000 | R--D | M] - E:\Autoplay -- [ UDF ] O32 - AutoRun File - [2008.08.06 07:23:05 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - E:\Autoplay.exe -- [ UDF ] O33 - MountPoints2\{3d10c91a-14d1-11de-9b19-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3d10c91a-14d1-11de-9b19-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- [2008.08.06 07:23:05 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) O33 - MountPoints2\{a137c6e4-e0df-11df-8fa0-002219e3205b}\Shell\AutoRun\command - "" = F:\setupSNK.exe O33 - MountPoints2\{b0f6d438-5871-11de-9217-002219e3205b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{b0f6d43b-5871-11de-9217-002219e3205b}\Shell - "" = AutoRun O33 - MountPoints2\{b0f6d43b-5871-11de-9217-002219e3205b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{b0f6d44e-5871-11de-9217-002219e3205b}\Shell\AutoRun\command - "" = WDSetup.exe O33 - MountPoints2\{bf529b39-4ad0-11de-b111-002219e3205b}\Shell\AutoRun\command - "" = xp32.exe O33 - MountPoints2\{bf529b39-4ad0-11de-b111-002219e3205b}\Shell\explore\Command - "" = xp32.exe O33 - MountPoints2\{bf529b39-4ad0-11de-b111-002219e3205b}\Shell\open\Command - "" = xp32.exe O33 - MountPoints2\{fdb9ed85-9fd5-11de-bc41-002219e3205b}\Shell - "" = AutoRun O33 - MountPoints2\{fdb9ed85-9fd5-11de-bc41-002219e3205b}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 14:26:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\SecTaskMan [2011.04.21 14:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.04.21 14:24:45 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2011.04.19 23:09:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011.04.19 22:57:46 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.19 22:47:40 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\bMDKqKPoEawbT.exe [2011.04.19 22:00:57 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Local\Ares [2011.04.19 22:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares [2011.04.19 21:59:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\ScanQuery [2011.04.19 21:59:33 | 000,000,000 | ---D | C] -- C:\Programme\ScanQuery [2011.04.19 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports [2011.04.19 21:59:12 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Roaming\ShopperReports3 [2011.04.19 21:59:12 | 000,000,000 | ---D | C] -- C:\Programme\ShopperReports3 [2011.04.16 01:40:31 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.14 08:15:59 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 08:15:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 08:15:48 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 08:15:48 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 08:15:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 08:15:30 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.14 08:15:28 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.14 08:15:28 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 08:15:28 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 08:15:28 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 08:15:28 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.14 08:15:28 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.14 08:15:28 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 08:15:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.14 08:15:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.14 08:15:23 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 08:15:20 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 08:15:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.03.31 19:48:36 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\myself [2011.03.30 22:57:32 | 000,000,000 | RH-D | C] -- C:\Users\phoebe\Searches [2011.03.30 22:42:42 | 000,000,000 | -H-D | C] -- C:\cygwin [2009.08.06 16:03:57 | 008,653,312 | -H-- | C] (Dell, Inc. ) -- C:\Users\phoebe\AppData\Roaming\DataSafeDotNet.exe ========== Files - Modified Within 30 Days ========== [2011.04.21 15:56:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 15:56:39 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 15:56:39 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 15:56:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.21 15:50:37 | 000,487,424 | ---- | M] () -- C:\ProgramData\41344776.exe [2011.04.21 15:49:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 15:49:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 15:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 15:49:45 | 3213,774,848 | -HS- | M] () -- C:\hiberfil.sys [2011.04.19 22:57:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~42458888 [2011.04.19 22:57:47 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42458888r [2011.04.19 22:57:46 | 000,000,585 | -H-- | M] () -- C:\Users\phoebe\Desktop\Windows Recovery.lnk [2011.04.19 22:57:41 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42458888 [2011.04.19 22:47:40 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\bMDKqKPoEawbT.exe [2011.04.19 20:27:24 | 000,001,107 | -H-- | M] () -- C:\Users\phoebe\Desktop\Free YouTube Download.lnk [2011.04.19 20:05:13 | 000,105,472 | -H-- | M] () -- C:\Users\phoebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.19 17:05:32 | 000,872,844 | -H-- | M] () -- C:\Users\phoebe\Documents\IMGP5915.JPG [2011.04.19 17:05:14 | 001,053,510 | -H-- | M] () -- C:\Users\phoebe\Documents\IMGP5914.JPG [2011.04.19 17:04:58 | 000,913,609 | -H-- | M] () -- C:\Users\phoebe\Documents\IMGP5913.JPG [2011.04.16 16:33:58 | 002,286,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.16 13:25:28 | 001,727,704 | -H-- | M] () -- C:\Users\phoebe\Mappe_2011_April.pdf [2011.04.15 22:26:39 | 000,006,836 | -H-- | M] () -- C:\Users\phoebe\AppData\Local\d3d9caps.dat [2011.04.12 23:41:25 | 000,013,738 | -H-- | M] () -- C:\Users\phoebe\736339_hFfWHrHa_b.jpg [2011.04.12 23:41:17 | 000,011,734 | -H-- | M] () -- C:\Users\phoebe\080410-comb-jelly2-02.jpg [2011.04.12 23:40:39 | 000,050,502 | -H-- | M] () -- C:\Users\phoebe\filtro.jpg [2011.04.12 23:40:05 | 000,522,624 | -H-- | M] () -- C:\Users\phoebe\fuer phoebe.tiff [2011.04.11 03:31:45 | 005,467,869 | -H-- | M] () -- C:\Users\phoebe\05 - Inflammatory Writ.mp3 [2011.03.23 20:33:15 | 000,220,475 | -H-- | M] () -- C:\Users\phoebe\Vorschlag Cover.jpg ========== Files Created - No Company Name ========== [2011.04.21 15:50:37 | 000,487,424 | ---- | C] () -- C:\ProgramData\41344776.exe [2011.04.20 17:10:29 | 001,429,077 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050280.JPG [2011.04.20 17:10:29 | 001,409,118 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050278.JPG [2011.04.20 17:10:29 | 001,388,276 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050283.JPG [2011.04.20 17:10:29 | 001,336,726 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050284.JPG [2011.04.20 17:10:29 | 001,331,765 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050285.JPG [2011.04.20 17:10:29 | 001,324,742 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050286.JPG [2011.04.20 17:10:29 | 001,311,030 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050279.JPG [2011.04.20 17:10:29 | 001,303,691 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050281.JPG [2011.04.20 17:10:29 | 001,245,596 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050277.JPG [2011.04.20 17:10:29 | 001,195,672 | -H-- | C] () -- C:\Users\phoebe\Desktop\P1050282.JPG [2011.04.19 22:57:47 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~42458888 [2011.04.19 22:57:47 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42458888r [2011.04.19 22:57:46 | 000,000,585 | -H-- | C] () -- C:\Users\phoebe\Desktop\Windows Recovery.lnk [2011.04.19 22:57:41 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42458888 [2011.04.19 20:27:24 | 000,001,107 | -H-- | C] () -- C:\Users\phoebe\Desktop\Free YouTube Download.lnk [2011.04.19 17:04:34 | 001,053,510 | -H-- | C] () -- C:\Users\phoebe\Documents\IMGP5914.JPG [2011.04.19 17:04:34 | 000,913,609 | -H-- | C] () -- C:\Users\phoebe\Documents\IMGP5913.JPG [2011.04.19 17:04:34 | 000,872,844 | -H-- | C] () -- C:\Users\phoebe\Documents\IMGP5915.JPG [2011.04.16 13:25:27 | 001,727,704 | -H-- | C] () -- C:\Users\phoebe\Mappe_2011_April.pdf [2011.04.12 23:41:22 | 000,013,738 | -H-- | C] () -- C:\Users\phoebe\736339_hFfWHrHa_b.jpg [2011.04.12 23:40:58 | 000,011,734 | -H-- | C] () -- C:\Users\phoebe\080410-comb-jelly2-02.jpg [2011.04.12 23:40:31 | 000,050,502 | -H-- | C] () -- C:\Users\phoebe\filtro.jpg [2011.04.12 23:39:36 | 000,522,624 | -H-- | C] () -- C:\Users\phoebe\fuer phoebe.tiff [2011.04.11 03:28:11 | 005,467,869 | -H-- | C] () -- C:\Users\phoebe\05 - Inflammatory Writ.mp3 [2011.03.23 20:33:08 | 000,220,475 | -H-- | C] () -- C:\Users\phoebe\Vorschlag Cover.jpg [2010.07.06 15:52:19 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2010.07.06 15:52:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.02.03 22:03:29 | 000,004,096 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\keyfile3.drm [2010.01.30 23:30:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.29 14:03:53 | 000,001,086 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\F1C3C386.il [2009.11.29 14:03:53 | 000,000,280 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\IndexIE_F1C3C386.il [2009.09.03 21:07:21 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI [2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.26 07:52:52 | 000,006,836 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\d3d9caps.dat [2009.03.28 14:05:31 | 000,004,716 | -H-- | C] () -- C:\Users\phoebe\AppData\Roaming\wklnhst.dat [2009.03.27 17:59:45 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2009.03.27 17:43:43 | 000,105,472 | -H-- | C] () -- C:\Users\phoebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.25 23:30:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.03.20 07:57:10 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2009.03.20 07:57:10 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.03.20 07:57:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.03.20 07:57:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2009.03.20 07:53:36 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.03.20 07:53:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.20 00:06:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.03.19 23:33:49 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 002,286,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll [1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll < End of report > |
|
21.04.2011, 16:36
| #2 |
| /// Malware-holic   | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter • Starte bitte die OTL.exe
__________________• Kopiere nun das Folgende in die Textbox. :OTL O4 - HKCU..\Run: [bMDKqKPoEawbT] C:\ProgramData\bMDKqKPoEawbT.exe (BitSprx) [2011.04.19 22:57:46 | 000,000,000 | -H-D | C] -- C:\Users\phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.19 22:57:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~42458888 [2011.04.19 22:57:47 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42458888r [2011.04.19 22:57:46 | 000,000,585 | -H-- | M] () -- C:\Users\phoebe\Desktop\Windows Recovery.lnk [2011.04.19 22:57:41 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42458888 [2011.04.19 22:47:40 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\bMDKqKPoEawbT.exe :Files C:\ProgramData\bMDKqKPoEawbT.exe C:\ProgramData\41344776.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. das archiv nach anleitung hochladen: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
|
21.04.2011, 16:54
| #3 |
| | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter Hier mal den Textdokument nach dem Neustart. MovedFiles.rar hab ich schon hochgeladen.
__________________________________________________ All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bMDKqKPoEawbT deleted successfully. C:\ProgramData\bMDKqKPoEawbT.exe moved successfully. C:\Users\phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully. C:\ProgramData\~42458888 moved successfully. C:\ProgramData\~42458888r moved successfully. C:\Users\phoebe\Desktop\Windows Recovery.lnk moved successfully. C:\ProgramData\42458888 moved successfully. File C:\ProgramData\bMDKqKPoEawbT.exe not found. ========== FILES ========== File\Folder C:\ProgramData\bMDKqKPoEawbT.exe not found. File\Folder C:\ProgramData\41344776.exe not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: cyg_server User: Default User: Default User User: Gast ->Flash cache emptied: 0 bytes User: phoebe ->Flash cache emptied: 405 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: cyg_server ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: phoebe ->Temp folder emptied: 13298345 bytes ->Temporary Internet Files folder emptied: 410348 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 25612185 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 38,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04212011_173731 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
21.04.2011, 16:56
| #4 |
| /// Malware-holic | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter sehr gut. 1. unhide: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.04.2011, 19:09
| #5 |
| | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter Ok, scan endlich fertig. Hier mal die Ergebnisse: Noch irgendeinen Schritt? ________________________________ Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 6413 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 21.04.2011 20:02:12 mbam-log-2011-04-21 (20-02-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 390298 Laufzeit: 1 Stunde(n), 54 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 66 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 16 Infizierte Dateien: 17 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScanQuery Service (Adware.ScanQuery) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790772B776545034AD97 (Malware.Trace) -> Value: SRS_IT_E8790772B776545034AD97 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\phoebe\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot. c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64} (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults\preferences (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\programdata\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully. Infizierte Dateien: c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\scanquery\uninstall.exe (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\_OTL\movedfiles\04212011_173731\c_programdata\bmdkqkpoeawbt.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome.manifest (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\install.rdf (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\chrome\scanquery.jar (Adware.ScanQuery) -> Quarantined and deleted successfully. c:\program files\mozilla firefox\extensions\{de9265d8-d55d-4286-9dc4-f8d8a0ca2f64}\defaults\preferences\prefs.js (Adware.ScanQuery) -> Quarantined and deleted successfully. |
|
21.04.2011, 19:31
| #6 |
| /// Malware-holic | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ --> TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter |
|
21.04.2011, 20:34
| #7 |
| | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter ComboFix Log: ______________________ Combofix Logfile: Code:
ATTFilter ComboFix 11-04-21.02 - phoebe 21.04.2011 21:14:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.3066.2162 [GMT 2:00]
ausgeführt von:: c:\users\phoebe\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-21 bis 2011-04-21 ))))))))))))))))))))))))))))))
.
.
2011-04-21 19:24 . 2011-04-21 19:24 -------- d-----w- c:\users\phoebe\AppData\Local\temp
2011-04-21 16:03 . 2011-04-21 16:03 -------- d-----w- c:\users\phoebe\AppData\Roaming\Malwarebytes
2011-04-21 16:01 . 2011-04-21 16:01 -------- d-----w- c:\programdata\Malwarebytes
2011-04-21 16:01 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 16:01 . 2011-04-21 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-21 14:26 . 2011-04-21 15:49 -------- d-----w- C:\_OTL
2011-04-21 14:23 . 2011-04-21 14:23 -------- d-----w- c:\program files\spettmann.net
2011-04-21 12:26 . 2011-04-21 12:30 -------- d-----w- c:\programdata\SecTaskMan
2011-04-21 12:24 . 2011-04-21 12:25 -------- d-----w- c:\program files\Security Task Manager
2011-04-19 21:09 . 2011-04-19 21:09 -------- d-----w- c:\windows\system32\EventProviders
2011-04-19 20:00 . 2011-04-19 20:01 -------- d-----w- c:\users\phoebe\AppData\Local\Ares
2011-04-19 08:10 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE830A67-B315-406E-A659-8842C5D41D0F}\mpengine.dll
2011-04-15 23:40 . 2011-04-19 18:27 -------- d-----w- c:\users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers
2011-04-05 00:03 . 2011-04-05 00:03 -------- d-----w- c:\users\cyg_server
2011-03-31 17:48 . 2011-04-10 19:04 -------- d-----w- c:\users\phoebe\myself
2011-03-30 20:42 . 2011-04-20 16:45 -------- d-----w- C:\cygwin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-03 11:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06 2355224 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-19 21:46 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-13 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-01-19 133472]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-01-19 279488]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube Download - c:\users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\phoebe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\phoebe\AppData\Roaming\Mozilla\Firefox\Profiles\funpck7m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-21 21:24
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-21 21:29:22
ComboFix-quarantined-files.txt 2011-04-21 19:29
.
Vor Suchlauf: 6 Verzeichnis(se), 96.804.737.024 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 96.769.695.744 Bytes frei
.
- - End Of File - - 000983268A44E35653F366911EE46BF2
|
|
21.04.2011, 20:42
| #8 |
| /// Malware-holic | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter machst du onlinebanking /einkäufe oder sonst was wichtiges mit dem pc
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.04.2011, 20:45
| #9 |
| | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter Extrem selten. Warum? |
|
22.04.2011, 10:16
| #10 |
| /// Malware-holic | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter du hast ein rootkit, dieses hat es auf solche daten abesehen. da du transaktionen am pc durchführst wäre das formatieren das sicherste, denn wir können nicht garantieren das wir das system sauber bekommen. ich erkläre dir, wie man das system absichert in zukunft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.04.2011, 10:28
| #11 |
| | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter Markus, du bist echt fantastisch. Ja super, ich will mein System absichern. Ich folge. |
|
22.04.2011, 11:52
| #12 |
| /// Malware-holic | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter na aber befor das geht, musst du erst mal neu aufsetzen aus den genannten gründen, beginne also mit der datensicherung. dann melde dich wieder.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.04.2011, 13:07
| #13 |
| | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter Erst ab Mai hab ich die Möglichkeit meine Dateien irgendwoanders zu sichern. Ich meld mich anfang Mai wieder. |
|
22.04.2011, 13:21
| #14 |
| /// Malware-holic | TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter ok bis dahin.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu TR/Kazy.mekml.1 - Hab schon die OTL logfiles, wie komme ich weiter |
| 0x00000001, adobe after effects, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, computer, conduit, desktop, error, excel, excel.exe, flash player, format, google, helper, home, hängen, install.exe, location, mozilla, mp3, oldtimer, otl.exe, pixel, plug-in, registry, rundll, saver, scan, sched.exe, searchplugins, security, security scan, server, shell32.dll, shortcut, skype.exe, software, start menu, sttray.exe, tcp, third party, virus, vista |
Linear-Darstellung
