
Log Analysis and Evaluation: browser phones home to http://www.findboots.org/ac.php after TR/Kazy attack

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.04.2011, 12:08   #1
Blenco
 
browser phones home to http://www.findboots.org/ac.php after TR/Kazy attack



Greetings, everyone:

Thanks to the many hints in the other threads, I have apparently been able to remove a fake Windows Recovery that broke into my machine yesterday evening: files brought back with unhide, exes deleted, registry entries removed, sys file removed from the system32 folder, Task Manager and menu entries reactivated. The Beck's advertisement no longer appears either. However, the browser history still shows a suspiciously large number of accesses (including current ones) to pages like hxxp://www.findboots.org/ac.php?q=european+union&aid=484&sid=direc10 (up to the ? the URL is always the same...). Avira AntiVir Personal Free Antivirus, Malwarebytes Anti-Malware and Spybot Search & Destroy all find nothing anymore. What have I overlooked?

Here are the OTL results as well:

OTL Logfile:
Code:
OTL logfile created on: 23.04.2011 11:13:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Blenco\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,71 Gb Total Space | 22,39 Gb Free Space | 26,12% Space Free | Partition Type: NTFS
Drive E: | 29,79 Gb Total Space | 2,16 Gb Free Space | 7,24% Space Free | Partition Type: FAT32
Drive M: | 29,79 Gb Total Space | 27,96 Gb Free Space | 93,86% Space Free | Partition Type: NTFS
 
Computer Name: VGNTZ11VN | User Name: Blenco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Blenco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files\Extended\ADS9.0\Server\ADS.EXE (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Blenco\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WiselinkPro) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (Advantage) -- C:\Program Files\Extended\ADS9.0\Server\ADS.EXE (iAnywhere Solutions, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CBUSB) -- C:\Windows\System32\drivers\CBUSB.sys (MARX CryptoTech LP)
DRV - (SonyImgF) -- C:\Windows\System32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (risdptsk) -- C:\Windows\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (usbio) USBIO Driver (usbio.sys) -- C:\Windows\System32\drivers\usbio.sys (Thesycon GmbH, Germany)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Blenco\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/search?hl=de&safe=off&rlz=1T4SNYK_deDE323DE323&q=film+seminare&meta=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:4001
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {58D4392A-842E-11DE-B51A-C7B855D89593}:1.2.4
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {2ab1b709-ba03-4361-abf9-c50b964ff75d}:1.6.6
FF - prefs.js..extensions.enabledItems: {f6090211-2004-44d8-9090-be3c2adfd66f}:0.7.3
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files\1&1\1&1 SoftPhone\Firefox [2008.10.03 08:10:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.10 22:10:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.11.14 18:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blenco\AppData\Roaming\mozilla\Extensions
[2010.11.13 18:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blenco\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.16 08:57:48 | 000,000,000 | ---D | M] (Signature Switch) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\{2AB1B709-BA03-4361-ABF9-C50B964FF75D}
[2010.11.14 17:37:55 | 000,000,000 | ---D | M] (CompactHeader) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\{58D4392A-842E-11DE-B51A-C7B855D89593}
[2011.03.23 10:24:46 | 000,000,000 | ---D | M] (Change quote and reply format) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\{F6090211-2004-44D8-9090-BE3C2ADFD66F}
[2011.03.24 22:50:52 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\DE_DE@DICTS.J3E.DE
[2010.11.14 17:37:48 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\USERS\BLENCO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\CS0V97IZ.DEFAULT\EXTENSIONS\EN-US@DICTIONARIES.ADDONS.MOZILLA.ORG
 
O1 HOSTS File: ([2009.07.09 22:01:33 | 000,317,142 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 10881 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Auto Run Software for Photo Frame] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [zinit32] C:\Windows\zinit32.exe (Agenda Informationssysteme GmbH & Co. KG)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Auto Run Software for Photo Frame] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chefkoch.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: kaliber35.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: save.tv ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: snapfisch.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: tvinfo.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: videoload.de ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: xing.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range78 ([*] in Lokales Intranet)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} Reg Error: Value error. (StreamPlug Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webzugang.brnet.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e4ee841-17f1-11dd-bb60-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{0e4ee841-17f1-11dd-bb60-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0f1156e4-13f5-11dd-a18c-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{0f1156e4-13f5-11dd-a18c-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{156358e6-cfe0-11df-ab15-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{156358e6-cfe0-11df-ab15-0013a9fc342a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{78a5343d-0f7c-11dd-9e72-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{78a5343d-0f7c-11dd-9e72-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78a53453-0f7c-11dd-9e72-0013a9fc342a}\Shell - "" = AutoRun
O33 - MountPoints2\{78a53453-0f7c-11dd-9e72-0013a9fc342a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{892d5871-8e4f-11de-aedc-001bfb189c71}\Shell - "" = AutoRun
O33 - MountPoints2\{892d5871-8e4f-11de-aedc-001bfb189c71}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{8fa70673-8ff0-11de-b4dd-001bfb189c71}\Shell - "" = AutoRun
O33 - MountPoints2\{8fa70673-8ff0-11de-b4dd-001bfb189c71}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\AutoRun\command - "" = G:\TrueCrypt\TrueCrypt.exe /q /a /e /cy /m rm /v "._tmp"
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\dismount\command - "" = G:\TrueCrypt\TrueCrypt.exe /q /d
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\mount\command - "" = G:\TrueCrypt\TrueCrypt.exe /q /a /e /cy /m rm /v "._tmp"
O33 - MountPoints2\{b7915a4b-d610-11dc-a76f-897418141781}\Shell\open\command - "" = G:\TrueCrypt\TrueCrypt.exe /e /cy /m rm /v "._tmp"
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2011.04.23 11:03:06 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Blenco\Desktop\OTL.exe
[2011.04.23 09:46:23 | 000,000,000 | ---D | C] -- C:\Users\Blenco\AppData\Roaming\Malwarebytes
[2011.04.23 09:46:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 09:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 09:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.23 02:42:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011.04.21 18:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
========== Files - Modified Within 7 Days ==========
 
[2011.04.23 11:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 11:02:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Blenco\Desktop\OTL.exe
[2011.04.23 10:19:12 | 000,000,194 | ---- | M] () -- C:\Windows\Aroey95.ini
[2011.04.23 10:18:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.23 10:18:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 10:18:54 | 000,003,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 10:18:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.23 09:29:57 | 193,546,659 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.23 03:31:56 | 000,000,136 | ---- | M] () -- C:\ProgramData\~42786568r
[2011.04.23 03:31:56 | 000,000,120 | ---- | M] () -- C:\ProgramData\~42786568
[2011.04.21 14:10:12 | 000,383,395 | ---- | M] () -- C:\Users\Blenco\jap.conf
 
========== Files Created - No Company Name ==========
 
[2011.04.23 09:29:57 | 193,546,659 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.23 03:07:36 | 000,000,136 | ---- | C] () -- C:\ProgramData\~42786568r
[2011.04.23 03:07:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\~42786568
[2011.04.05 09:45:50 | 000,000,680 | ---- | C] () -- C:\Users\Blenco\AppData\Local\d3d9caps.dat
[2010.12.23 00:55:23 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
[2010.11.29 17:47:03 | 000,000,057 | ---- | C] () -- C:\Windows\ADS.ini
[2010.11.29 17:42:06 | 000,000,194 | ---- | C] () -- C:\Windows\Aroey95.ini
[2010.10.11 08:25:58 | 000,244,984 | ---- | C] () -- C:\Windows\TUTIL32.DLL
[2010.10.11 08:24:48 | 001,573,888 | ---- | C] () -- C:\Windows\System32\wertzu80.dll
[2010.10.11 08:24:47 | 000,791,552 | ---- | C] () -- C:\Windows\System32\wertzu125.dll
[2010.10.11 08:16:38 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[2010.10.02 12:05:31 | 000,081,920 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\fontdb.mdb
[2010.10.01 07:19:45 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7820n.dat
[2010.09.22 09:15:44 | 000,000,000 | ---- | C] () -- C:\Windows\FAKT.INI
[2010.07.20 13:29:15 | 000,000,000 | ---- | C] () -- C:\Windows\Fibu.INI
[2010.06.22 16:15:49 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.02.22 09:57:45 | 000,004,096 | ---- | C] () -- C:\Users\Blenco\AppData\Local\keyfile3.drm
[2009.09.20 11:12:35 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.09.11 08:55:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 08:55:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 08:53:22 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.28 11:39:08 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.01.14 16:54:24 | 000,038,422 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2008.10.03 08:10:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.24 14:48:30 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.09.24 14:48:30 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.09.24 14:48:28 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.09.24 14:48:26 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2008.09.15 20:00:52 | 000,000,547 | ---- | C] () -- C:\Windows\Flasher.INI
[2008.07.25 23:22:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.09 19:22:36 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2008.07.09 19:22:34 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 19:22:32 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2008.06.26 09:56:58 | 000,022,230 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.12 16:24:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007.12.07 00:32:22 | 000,022,231 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2007.11.19 22:15:56 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2007.11.16 12:34:29 | 000,000,199 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Digital TV Script Preferences
[2007.11.07 19:00:09 | 000,022,220 | ---- | C] () -- C:\Users\Blenco\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2007.11.07 19:00:02 | 000,000,130 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007.09.14 13:27:27 | 000,003,333 | ---- | C] () -- C:\Windows\tm.ini
[2007.09.09 21:31:27 | 000,000,182 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.08.31 19:01:36 | 000,000,000 | ---- | C] () -- C:\Windows\Softbuch.INI
[2007.08.24 19:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.08.22 21:15:07 | 000,000,134 | ---- | C] () -- C:\Windows\wininit.ini
[2007.08.11 00:25:20 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2007.08.08 08:19:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[2007.08.08 01:00:24 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2007.08.07 23:47:04 | 000,150,016 | ---- | C] () -- C:\Users\Blenco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.07 23:45:01 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007.08.07 23:43:26 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2007.08.07 23:43:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2007.08.07 23:25:39 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.19 19:42:45 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007.04.13 09:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.04.12 22:17:44 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2007.03.19 01:16:58 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll
[2007.03.19 01:16:54 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll
[2007.03.19 01:16:50 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2007.03.19 01:16:40 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll
[2007.01.15 10:52:20 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cx21sl3.dll
[2006.11.02 17:42:41 | 000,632,530 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:42:41 | 000,127,548 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 002,376,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,599,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,105,192 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 13:38:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\OrdMen.dll
 
========== LOP Check ==========
 
[2007.09.28 09:30:50 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\1&1
[2009.06.11 16:55:00 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Blackberry Desktop
[2010.10.02 12:20:23 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\BorWare
[2007.12.04 22:50:44 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\CCleanup
[2009.01.28 17:24:57 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\DAEMON Tools
[2009.01.28 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\DAEMON Tools Lite
[2009.01.28 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\DAEMON Tools Pro
[2007.11.16 12:35:08 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Digital TV Script
[2011.02.17 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Dropbox
[2010.03.15 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\eDocPrintPro
[2011.02.16 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\elsterformular
[2007.10.05 01:29:31 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\FlashGet
[2007.08.11 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\InterVideo
[2010.11.03 13:49:22 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\JonDo
[2008.07.13 11:20:49 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Juniper Networks
[2007.11.20 05:10:59 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\LinkedIn
[2008.07.02 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\MiniDm
[2010.08.11 03:55:39 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Research In Motion
[2007.10.14 06:59:41 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\saveTV
[2010.05.21 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\ShareTV
[2010.12.07 09:17:19 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\SoftGrid Client
[2010.06.12 14:15:53 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\TeamDrive
[2010.09.19 13:10:34 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Thinstall
[2010.11.13 18:34:52 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\Thunderbird
[2010.12.07 09:13:59 | 000,000,000 | ---D | M] -- C:\Users\Blenco\AppData\Roaming\TP
[2011.04.23 10:17:39 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.04.2011 11:13:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Blenco\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 85,71 Gb Total Space | 22,39 Gb Free Space | 26,12% Space Free | Partition Type: NTFS
Drive E: | 29,79 Gb Total Space | 2,16 Gb Free Space | 7,24% Space Free | Partition Type: FAT32
Drive M: | 29,79 Gb Total Space | 27,96 Gb Free Space | 93,86% Space Free | Partition Type: NTFS
 
Computer Name: VGNTZ11VN | User Name: Blenco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1879129682-458446916-792048273-1004]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051E110D-A8AB-4868-AC48-EE19EF34F609}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{53DC9C7E-C7FE-4FFE-BADE-D2A78CBCCC26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{873188A6-13B9-4E96-8F66-DF0FFFC26A3B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8CA3FBFC-1D45-453B-9464-55769A38861D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E62CF58-BF7F-4FF3-B94A-98D085DB622B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1D23C21-935D-45FA-B6EC-7E8AE12F98E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3CE0E01-170D-48B4-94A4-67DFD771CD88}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AE054DFD-1E5B-4E76-B4DD-D5589EEECF19}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{C2EAECE0-4A9A-4DEE-B964-6B9D2D9D1188}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{C75F1458-7276-4ABF-B337-4E819A4F22D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DEB3ACCA-FAFA-4779-8BF0-53FD7221CE45}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E1475ED8-8AAC-4426-AFB2-84034D55CFF0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6088476-3211-4122-BAE4-4E6049A89397}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000AD0A1-AA40-4260-97E6-83C700AF4F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{02E3A647-A020-4870-860C-B7C9A1537A0D}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{07B617B0-B2B7-45EB-B90F-687F03DBF26E}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{0E54D74F-72FF-4101-9226-0FA42160541B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{16D243ED-ACE6-4261-B8D6-C4EA9B7E7713}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17EAC4FF-88DB-4347-B056-5F48825722EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{197FC529-CF55-4348-9D3C-E22B0F762FB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A7049A1-5A47-4A7B-8558-60A10922962C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2256BFA0-0183-4512-A89B-99F1A6A13B16}" = protocol=6 | dir=out | app=system | 
"{23C4AFA1-5976-49C8-9A66-E1162B2F0507}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24669E6A-8846-4490-AAE8-781F74CFB090}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{2DE41336-1D8A-4D1C-BBAB-B00FDFDEC041}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2F2FFC7D-6D86-4939-8402-BBF47EFD471B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{32FA3EE3-BF7D-4AA7-9BA0-6238784E9268}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{360C0886-9141-4D8D-9946-B089A9CEA1ED}" = protocol=17 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"{3EB15BF3-7D8E-44CF-8B35-0BBC955FC772}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{46C3FA73-28B1-420D-8D3C-FC8F695C8F63}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{47B0CDCC-F003-4DDF-BA5C-A67836F1558A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4848EF27-F4C8-4CC5-8678-80BDC9F7F28D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F805FC4-429F-4070-8909-26EFF06B74D2}" = protocol=17 | dir=in | app=c:\users\blenco\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5122B39B-8101-4410-858C-462C334B6D72}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{58E4BA80-A591-40F9-8201-AC83014B3CA0}" = protocol=6 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"{597A6296-042B-4309-8BE5-6C0ABC0042E9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{61233A65-B43A-4037-837D-F02B37069003}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{66492B5E-E795-47C6-9518-B1DA0701EE4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6AE0555C-931C-4BFE-8E2C-BE2FB9126A6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C23E08C-A583-490F-A003-6D16E889AC4E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{74862540-08CF-4AC5-8805-01FD0DF047F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{79EC196C-D86A-4EF3-ADA6-81D157D30491}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8546448C-6322-424C-BD3D-EED22F432D3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{856AE092-D1B1-4280-846C-769E80B1C349}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E9571C7-D4FE-4DEC-ACBB-D9687325871C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AC723FB-A19B-4B72-85BE-AC1D7E91D075}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{9E1CDA0E-35F7-48AA-ABC6-F77658D61E6B}" = protocol=17 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"{AB885FDA-BEE2-415B-9B95-6C475F399726}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACD2DD07-4378-486E-BC43-2ABC282CFAB7}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B168946A-70EC-44DC-8C3E-8A1D4E194DE9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B42679CD-94E6-43EC-8265-D5B85148908C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7946EAB-4F82-4C9A-BD93-D1C7AA6676A3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B875217B-1C94-4FFA-8E33-315319C970F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAAA8EFD-07E8-4E3F-86E8-FE828FAE07A0}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BE2998FF-8889-46A5-8E3F-C8E82707F5C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3A7446E-13C7-477A-8AC2-7D3469C99B62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C861731F-522B-4B0E-B6D9-3401FCB8C20C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA273DCC-5F9B-403C-A090-816941008F38}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D17E0278-EEF6-4DDC-9B2B-42A05A058E37}" = protocol=6 | dir=in | app=c:\users\blenco\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DF1825C9-D98C-4552-B55B-55AFFD8B34DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E254F736-2183-4620-B403-FD469FDE1240}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{E479FE38-A8A7-4363-88AA-8EDCA5917992}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{E6A957CB-7413-4CDF-B36B-31E2D8546901}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6C2FFCC-4760-415B-84CF-0B1289317F6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8E8FF76-B32F-4AC4-8BB3-EB0B4612E78A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8F73629-03A6-456A-8168-9808D9D08775}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7C68908-8BB6-4679-876C-B44D47EB3FA6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe | 
"{FC3B6406-2897-4680-8E12-8D9F50907746}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{FFBF7FC0-3E5C-49EC-A2BF-49BEBB3B8A99}" = protocol=6 | dir=in | app=c:\users\blenco\appdata\local\apps\2.0\h1j39atz.5m8\x0hwwlmx.zr5\frit..tion_f8d772dfbb3f7453_0002.0001_147a792107b9f781\fritzbox-usb-fernanschluss.exe | 
"TCP Query User{1B0A856D-4D52-4FC4-848F-394ED325A0DE}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{2B2710EB-6E54-4A28-8D51-B4CE38626A58}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{341C692A-3FA7-4402-9A9C-2179DFFB3082}C:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe" = protocol=6 | dir=in | app=c:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe | 
"TCP Query User{3DA190F1-D227-495C-980E-D614DF35D1D5}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{5CECBBB4-340E-4E4E-82E2-4946807AA635}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5F33D289-6630-4865-AC12-C205DF177A0A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{95158942-2082-4D89-B03A-34D4D29110CF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9ADF5715-ED43-40FA-8213-9EE41A08F7A5}C:\program files\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"TCP Query User{9CCF8069-F760-458D-98DE-BDADCE2FEC00}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{A2652D3F-5C8C-48BB-A2F7-03D7DFC8A01D}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"TCP Query User{B0B4EAA9-5BA9-4165-BEA6-394805D9F63E}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"TCP Query User{D2E914B1-11F5-46E2-8868-16648A92BD38}C:\program files\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"TCP Query User{DA55CBC2-F4AD-48DD-9C40-276E2CE5C6E4}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{E94ADD2E-0DCE-433C-B8E1-2475EC09AC32}C:\program files\microsoft office\office12\excel.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\excel.exe | 
"UDP Query User{026219FA-1707-4BBC-B166-9454108FBA9A}C:\program files\microsoft office\office12\excel.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\excel.exe | 
"UDP Query User{09284BF6-17FA-4CCA-802B-0F2B02F38E3F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1963D6C4-2BB5-4006-B15A-3E88A91AFFAA}C:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe" = protocol=17 | dir=in | app=c:\users\blenco\appdata\local\thinstall\cache\stubs\90c81a682a0f6d78eb7dcf2d2fce2bd5bd52d\wswc.exe | 
"UDP Query User{314180DE-15B7-4FA4-B49E-A03706E2DB49}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"UDP Query User{55C8A7E6-E516-4507-83A4-FA99E51F0814}C:\program files\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"UDP Query User{67B3CE1D-4BE0-42F4-ACD0-FC3EE78FFC25}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{7C9DCC71-DD86-424D-BEEC-6816D6E1CCF3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9EAC0D42-2755-4522-A12D-65122AFD1ACA}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{A6168534-ECF0-4F78-8A42-3C189F94B614}C:\program files\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files\leechftp\leechftp.exe | 
"UDP Query User{AB5754D3-C07A-4842-B14D-E469E1C8CE68}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"UDP Query User{DB93E2C0-0AB5-40D7-9309-B59C85EE0CC7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{E6197AF6-1E45-4F87-8D27-5DB497C24D1D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{E74BC214-89E1-4FBD-9B49-A243DD36D213}C:\program files\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files\1&1\1&1 softphone\ipphoneui.exe | 
"UDP Query User{EFCCA39D-4860-4D75-8E13-D5E0E4FC7FA1}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}" = BlackBerry Device Software Updater
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3A23120C-CD83-4CE6-B451-C5C998052522}" = Battery Care Function
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F07C18C-6FD4-4746-A282-30D70571867C}" = Peripheral Device & Storage Media Restriction Setting Utility
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A8A1D79-89B8-45B0-A683-631F814D8203}" = Advantage Database Server for Windows v9.0
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6970AAC9-A97B-4F89-A887-2F0636791E10}" = VAIO Status Monitor
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{93293322-B694-4270-B7FE-DDE1A681ACCA}" = linguatec Voice Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DA592460-CD51-4B46-8120-4C44BB0A2FEB}" = Stampit Business
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Aguninst" = Agenda Software
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"FlashGet" = FlashGet 1.9.6.1073
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"JAP" = JAP
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"LeechFTP" = LeechFTP 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"Philips Photo Manager_is1" = Philips Photo Manager 1.1
"Softbuch Online 2006" = Softbuch Online 2006
"Softbuch Version 2.x" = Softbuch Version 2.x
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
"UMTS USB Modem Manager" = UMTS USB Modem Manager
"VLC media player" = VideoLAN VLC media player 0.8.6c
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"JuniperSetupClient" = Juniper Networks Setup Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2011 21:01:42 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.04.2011 21:06:53 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.04.2011 21:10:20 | Computer Name = VGNTZ11VN | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung dAmLSTWYyWMb.exe, Version 1.8.0.0, Zeitstempel
0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 
0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276, Prozess-ID 0xc14, Anwendungsstartzeit
01cc0152b2abdf59.
 
Error - 22.04.2011 21:29:03 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.04.2011 21:49:15 | Computer Name = VGNTZ11VN | Source = EventSystem | ID = 4609
Description = 
 
Error - 22.04.2011 22:03:25 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 03:31:51 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 03:54:39 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 04:12:22 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.04.2011 04:19:37 | Computer Name = VGNTZ11VN | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 23.04.2011 04:11:24 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:11:24 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:12:19 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.04.2011 04:13:12 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 23.04.2011 04:13:12 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 23.04.2011 04:19:12 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:19:12 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.04.2011 04:19:30 | Computer Name = VGNTZ11VN | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.04.2011 04:19:40 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 23.04.2011 04:19:40 | Computer Name = VGNTZ11VN | Source = WMPNetworkSvc | ID = 866312
Description = 
 
 
< End of report >
         
--- --- ---


DANKE und frohe ostern!!!

moin-moin allerseits:

1. hab ich leider aus versehen zwei themen eröffnet. zuerst das andere (http://www.trojaner-board.de/97966-t...nicht-weg.html) - bei dessen "absenden" der browser abgestürzt ist und das ist daher für gescheitert hielt und dann dieses hier. kann man die irgendwie zusammenlegen/einen davon löschen? ich brauche jedenfalls nicht zweimal hilfe, sondern nur einmal - diese aber immer noch und durchaus (subjektiv) dringend...

2. hab ich mir inzwischen die gratis-30-tage-test-version von kaspersky pure besorgt und die über den rechner laufen lassen. die hat noch 11 viren und 3 trojaner gefunden und entsorgt. TROTZDEM ist nach jedem neustart im systemspeicher wieder ein Rootkit.Win32.Sst.a zu finden, der auch identifiziert wird, aber anscheinend nicht entfernt werden kann...

3. an effekten hat sich vieles gebessert, die systemgeschwindigkeit ist wieder normal, programme lassen sich wieder starten etc., aber das browser-hijacking ist immer noch da. ohne daß es dafür neue reiter bräuchte funkt der ie9 kontinuierlich seltsame seiten an, auf deinen meist ein skript namens "ac.php" läuft. ich hab einen screenshot eines ausschnitts meines browserverlaufs gemacht - leider sehe ich nicht, wie ich den hier hochladen könnte. aber unter hxxp://forum.kaspersky.com/index.php?act=attach&type=post&id=204076 kann man ihn anschauen...

I would be glad of prompt help. A thousand thanks, Blenco.
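
The pattern the poster describes in point 3 (IE9 repeatedly fetching the same path, http://www.findboots.org/ac.php, with only the query string changing) is the classic shape of an ad-fraud or hijacker beacon: a fixed affiliate/session id (here `aid` and `sid`) and a rotating search term `q`. The script below is an added example, not code from the thread or from any of the tools named in it. It scans a simple per-line log of `timestamp process URL` (a constructed format, with constructed sample lines that only reuse the URL shape quoted in the thread), groups hits by process, host and path, and reports paths that are hit repeatedly with constant `aid`/`sid` values, together with the request cadence. Run it against an export of browser history or proxy logs rewritten into that three-column form.

```python
"""Detect beacon-style requests of the kind described in the thread:
same host and path hit repeatedly, affiliate ids constant, only 'q' changes.
Added example; log format and sample lines are constructed, not real data."""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (assumed format: ISO timestamp, process name, URL).
SAMPLE_LOG = """\
2011-04-23T11:02:01 iexplore.exe http://www.findboots.org/ac.php?q=european+union&aid=484&sid=direc10
2011-04-23T11:02:31 iexplore.exe http://www.findboots.org/ac.php?q=car+insurance&aid=484&sid=direc10
2011-04-23T11:03:01 iexplore.exe http://www.findboots.org/ac.php?q=cheap+flights&aid=484&sid=direc10
2011-04-23T11:03:10 firefox.exe http://www.trojaner-board.de/index.php
2011-04-23T11:03:31 iexplore.exe http://www.findboots.org/ac.php?q=loans&aid=484&sid=direc10
2011-04-23T11:04:01 iexplore.exe http://www.findboots.org/ac.php?q=hotels&aid=484&sid=direc10
2011-04-23T11:05:00 iexplore.exe http://www.google.com/search?q=otl+oldtimer
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

# Query parameters that a hijacker keeps constant across requests (assumed names,
# taken from the URL shape quoted in the thread).
STABLE_KEYS = ("aid", "sid")


def parse_line(line):
    """Split one log line into timestamp, process, host, path and query params."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proc, url = m.groups()
    parts = urlsplit(url)
    return {
        "ts": datetime.fromisoformat(ts),
        "proc": proc,
        "host": parts.netloc,
        "path": parts.path,
        "params": parse_qs(parts.query),
    }


def intervals(recs):
    """Seconds between consecutive hits of one (process, host, path) group."""
    times = sorted(r["ts"] for r in recs)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


def find_beacons(log_text, min_hits=3):
    """Return groups hit at least min_hits times whose STABLE_KEYS never change."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec["proc"], rec["host"], rec["path"])].append(rec)

    findings = []
    for (proc, host, path), recs in groups.items():
        if len(recs) < min_hits:
            continue
        stable = {}
        for key in STABLE_KEYS:
            values = {tuple(r["params"].get(key, [])) for r in recs}
            # exactly one distinct, non-empty value across all hits
            if len(values) == 1 and next(iter(values)):
                stable[key] = next(iter(values))[0]
        if stable:
            findings.append({
                "proc": proc,
                "host": host,
                "path": path,
                "hits": len(recs),
                "stable_params": stable,
                "interval_s": statistics.median(intervals(recs)),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['proc']} -> {f['host']}{f['path']}: {f['hits']} hits, "
              f"median interval {f['interval_s']:.0f}s, constant {f['stable_params']}")
```

A legitimate search engine also takes a `q` parameter, so the discriminator is not the path alone but the combination of repeated hits, constant affiliate ids and a regular cadence; tune `min_hits` and `STABLE_KEYS` to the URL shape you actually see in the history.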

Old 26.04.2011, 14:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
browser pings http://www.findboots.org/ac.php after tr/kazy attack



ONE THREAD IS ENOUGH!!! => http://www.trojaner-board.de/97966-t...nicht-weg.html