|
animalware doctor problem hallo, hab jetzt schon einige anleitungen in diesen forum gemacht um den trojaner loszuwerden. habe Malwarebytes ausgeführt und rkill.com laut dieser anleitung hier: http://www.trojaner-board.de/83172-a...entfernen.html sooo nun hier mal der LOG...keine ahnung ob ich das zeugs jetzt los bin oder nicht?? jetzt führe ich gerade noch den CCleaner durch... info.txt logfile of random's system information tool 1.06 2010-05-04 19:27:02 ======Uninstall list====== -->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF} AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE} Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFDF9AE-66B2-4A1F-8249-32EF14B97150}\Setup.exe" -l0x7 ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\Setup.exe" -l0x7 Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0007 -removeonly Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67} Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C} Call of Combat-->"C:\Program Files\Call of Combat\uninstall.exe" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} Corel MediaOne-->MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721} CorelDRAW Essential Edition 3-->"C:\Program Files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher" {ADDBE07D-95B8-4789-9C76-187FFF9624B4} CorelDRAW Essential Edition 3-->MsiExec.exe /I{ADDBE07D-95B8-4789-9C76-187FFF9624B4} CyberLink LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall CyberLink LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall CyberLink MediaShow-->"C:\Program Files\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\Setup.exe" /z-uninstall CyberLink MediaShow-->"C:\Program Files\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\Setup.exe" /z-uninstall CyberLink PhotoNow-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall CyberLink PhotoNow-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall CyberLink PowerDVD Copy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" -uninstall CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall DE-->MsiExec.exe /I{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D} DEUTSCHLAND SPIELT GAME CENTER-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" UInstAllGPAndDS Die Siedler II - Die nächste Generation-->"C:\Program Files\Ubisoft\Funatics\Die Siedler II - Die nächste Generation\uninstall.exe" Die Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com EA Download Manager UI-->msiexec /qb /x {4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA} EA Download Manager UI-->MsiExec.exe /I{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA} EA Download Manager-->C:\Program Files\Electronic Arts\EADM\EADMUninstall.exe Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe" Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1064\Installer\setup.exe" --uninstall --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" IC 445C Webcam-->C:\Program Files\InstallShield Installation Information\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}\setup.exe -runfromtemp -l0x0007 -removeonly ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly IncrediMail 2.0-->C:\Program Files\IncrediMail\Bin\ImSetup.exe /uninstallProduct /addon:incredimail IncrediMail-->MsiExec.exe /X{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA} Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe iPhone-Konfigurationsprogramm-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1} IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E} Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} LightScribe System Software-->MsiExec.exe /X{4A9849CA-E11C-4F24-8BB1-97C717A1C898} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MCE Software Encoder 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850407-6000-11D3-8CFE-0150048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [DEU]-->MsiExec.exe /I{BAC80EF3-E106-4AEA-8C57-F217F9BC7358} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF} Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" PunkBuster Services-->C:\Windows\system32\pbsvc_bc2.exe -u PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A} QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709 RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F} Safari-->MsiExec.exe /I{A67BB21E-D419-45BB-AB86-7D87D14BBCE2} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF} Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{98EA51C9-B0B0-45BC-8641-3E119EA47D7B} Sony Ericsson PC Suite 4.005.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0007 -removeonly Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} SPORE™ Süß & Schrecklich Ergänzungs-Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -runfromtemp -l0x0007 -removeonly SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0007 -removeonly Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG TS3 Install Helper Monkey-->"C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\uninstall.exe" TSR Launcher-->MsiExec.exe /I{084F0F60-DA25-4A86-A954-1BE5FE19E495} Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA} USB Wireless Keyboard Driver-->C:\Program Files\InstallShield Installation Information\{EDC66A92-4603-4D72-B28C-570075B55DF0}\setup.exe -runfromtemp -l0x0007 -removeonly VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live ID-Anmelde-Assistent-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe" Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D} Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} WinRAR-->C:\Program Files\WinRAR\uninstall.exe Wondershare Photo Collage Studio 4.2.9.2-->"C:\Program Files\Wondershare\Photo Collage Studio\unins000.exe" Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Nicki-PC Event Code: 4372 Message: Windows-Wartung setzt das Paket KB967723(Security Update) in den Status Wird bereitgestellt(Staging). Record Number: 25087 Source Name: Microsoft-Windows-Servicing Time Written: 20090910143329.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Nicki-PC Event Code: 4372 Message: Windows-Wartung setzt das Paket KB967723(Security Update) in den Status Wird bereitgestellt(Staging). Record Number: 25086 Source Name: Microsoft-Windows-Servicing Time Written: 20090910143329.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Nicki-PC Event Code: 4372 Message: Windows-Wartung setzt das Paket KB967723(Security Update) in den Status Wird bereitgestellt(Staging). Record Number: 25085 Source Name: Microsoft-Windows-Servicing Time Written: 20090910143329.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Nicki-PC Event Code: 4372 Message: Windows-Wartung setzt das Paket KB967723(Security Update) in den Status Aufgelöst(Resolved). Record Number: 25084 Source Name: Microsoft-Windows-Servicing Time Written: 20090910143329.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Nicki-PC Event Code: 2000 Message: Die Windows-Defender-Signaturversion wurde aktualisiert. Aktuelle Signaturversion: 1.65.586.0 Vorherige Signaturversion: 1.65.477.0 Aktualisierungsquelle: Benutzer Signaturtyp: AntiSpyware Aktualisierungstyp: Delta Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: 1.1.5005.0 Vorherige Modulversion: 1.1.5005.0 Record Number: 25083 Source Name: Microsoft-Windows-Windows Defender Time Written: 20090910143312.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: WIN-7WX19QJORCI Event Code: 0 Message: Record Number: 5 Source Name: RichVideo Time Written: 20090525154958.000000-000 Event Type: Informationen User: Computer Name: WIN-7WX19QJORCI Event Code: 4 Message: The LightScribe Service started successfully. Record Number: 4 Source Name: LightScribeService Time Written: 20090525154958.000000-000 Event Type: Informationen User: Computer Name: WIN-7WX19QJORCI Event Code: 4625 Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog. Record Number: 3 Source Name: Microsoft-Windows-EventSystem Time Written: 20090525154956.000000-000 Event Type: Informationen User: Computer Name: WIN-C2E47NA474O Event Code: 900 Message: Der Softwarelizenzierungsdienst wird gestartet. Record Number: 2 Source Name: Microsoft-Windows-Security-Licensing-SLC Time Written: 20090525154956.000000-000 Event Type: Informationen User: Computer Name: WIN-C2E47NA474O Event Code: 1531 Message: Der Benutzerprofildienst wurde erfolgreich gestartet. Record Number: 1 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20090525154956.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM =====Security event log===== Computer Name: WIN-7WX19QJORCI Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: WIN-7WX19QJORCI$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x22c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090525154952.295433-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-7WX19QJORCI Event Code: 4902 Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt. Anzahl von Elementen: 0 Richtlinienkennung: 0x9b384 Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090525154951.967831-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-7WX19QJORCI Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-0-0 Kontoname: - Kontodomäne: - Anmelde-ID: 0x0 Anmeldetyp: 0 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x4 Prozessname: Netzwerkinformationen: Arbeitsstationsname: - Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: - Authentifizierungspaket: - Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090525154951.624629-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-7WX19QJORCI Event Code: 4608 Message: Windows wird gestartet. Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090525154951.609028-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-7WX19QJORCI Event Code: 4647 Message: Benutzerinitiierte Abmeldung: Antragsteller: Sicherheits-ID: S-1-5-21-1907823751-849322226-2714785203-500 Kontoname: Administrator Kontodomäne: WIN-7WX19QJORCI Anmelde-ID: 0x303ac Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090424100554.922000-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=4 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip "asl.log"=Destination=file;OnFirstLog=command,environment -----------------EOF----------------- |
Hallo und :hallo: Zitat:
|
also der malware hatte nichts mehr gefunden gestern...aber schon heute hab ich wieder virus meldungen bekommen und dieses doofe animalware soktor kommt wieder :( bitte helft mir.. habs etz grad nochmal ausführen lassen und hat wieder paar einträge gefunden hier mal der log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 05.05.2010 20:54:37 mbam-log-2010-05-05 (20-54-37).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 117057 Laufzeit: 5 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Windows\system32\Drivers\psxrt.sys (Rootkit.Agent) -> Quarantined and deleted successfully. |
Hallo und :hallo: bitte nen Vollscan mit malwarebytes machen (vorher das Pogramm aktualisieren!!) und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
|
also hier mal der vollscan Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4070 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 06.05.2010 12:24:28 mbam-log-2010-05-06 (12-24-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 266922 Laufzeit: 48 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Nicki\AppData\Local\Temp\Tmf.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\psxrt.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Nicki\AppData\Local\Temp\Tmh.exe (Trojan.FakeAlert) -> Delete on reboot. |
und hier das ergebnis von OTL ( bitte bitte helft mir...es wird immer schlimmer obwohl ich jetzt schon so oft den voll und quick scan durchgeführt habe und alles dort löschte ) OTL logfile created on: 06.05.2010 12:32:34 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Nicki\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 11,00 Gb Paging File | 10,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 722,94 Gb Free Space | 79,31% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,94 Gb Free Space | 44,69% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NICKI-PC Current User Name: Nicki Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Nicki\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Nicki\AppData\Roaming\48ECF69966B42005A4F642F42C6D2D79\gotnewupdate000.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\ModLEDKey.exe (Chicony) PRC - C:\Windows\CNYHKey.exe (Chicony) PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (SafeList) ========== MOD - C:\Users\Nicki\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Programme\HomeCinema\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 16 90 B3 3C 86 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3 FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={92DD173C-9CE2-7B17-952B-D325A6DB5086}&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 09:09:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 19:13:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 13:49:49 | 000,000,000 | ---D | M] [2009.05.30 18:50:45 | 000,000,000 | ---D | M] -- C:\Users\Nicki\AppData\Roaming\mozilla\Extensions [2010.05.05 15:32:50 | 000,000,000 | ---D | M] -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions [2009.07.23 21:11:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.10.18 18:26:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.03.14 22:24:01 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2009.08.31 01:20:30 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2009.07.27 20:27:47 | 000,000,681 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\ask.xml [2009.10.27 15:30:46 | 000,002,171 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\bing.xml [2009.08.31 01:20:32 | 000,005,407 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\fast-browser-search.xml [2010.04.29 22:27:21 | 000,000,944 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\icqplugin.xml [2010.01.13 19:03:55 | 000,002,149 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\MyStart Search.xml [2009.05.30 18:50:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.14 21:56:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 21:56:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.09.01 14:48:57 | 000,003,700 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.png [2009.09.01 14:48:56 | 000,001,963 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.xml [2010.03.14 21:56:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 21:56:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 21:56:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.05 21:52:40 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Users\Nicki\AppData\Roaming\48ECF69966B42005A4F642F42C6D2D79\gotnewupdate000.exe () O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{7e2e3b50-4943-11de-b753-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7e2e3b50-4943-11de-b753-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.06 11:34:05 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Nicki\Desktop\OTL.exe [2010.05.05 22:01:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.05.05 21:52:28 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2010.05.05 21:51:24 | 000,000,000 | ---D | C] -- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP [2010.05.04 19:26:52 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.04 19:26:51 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.04 19:26:34 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.04 19:03:24 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\Malwarebytes [2010.05.04 19:03:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.04 19:03:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.04 19:03:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.04 19:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.04 18:55:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2010.05.04 18:32:12 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\48ECF69966B42005A4F642F42C6D2D79 [2010.05.03 11:12:49 | 000,000,000 | ---D | C] -- C:\Users\Nicki\Desktop\1.5 [2010.04.29 22:04:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.26 00:03:34 | 000,000,000 | ---D | C] -- C:\Users\Nicki\Desktop\bbq [2010.04.21 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\skypePM [2010.04.21 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\Skype [2010.04.21 22:46:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.04.21 22:46:21 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.04.21 22:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.04.20 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Local\MigWiz [2010.04.20 22:14:02 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.04.20 22:02:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.20 21:17:57 | 000,000,000 | ---D | C] -- C:\Programme\Wecker6 [2010.04.14 01:51:47 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 01:51:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 01:51:45 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 01:51:38 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.14 01:51:38 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.13 23:04:57 | 027,592,056 | ---- | C] (EA Digital Illusions CE AB) -- C:\Users\Nicki\Desktop\BFBC2Game.exe [2010.04.12 18:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.04.11 16:22:13 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\Ventrilo [2010.04.11 16:22:04 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo [2010.04.10 13:30:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.06 12:33:51 | 003,670,016 | -HS- | M] () -- C:\Users\Nicki\ntuser.dat [2010.05.06 12:33:35 | 000,859,648 | ---- | M] () -- C:\Windows\System32\drivers\psxrt.sys [2010.05.06 12:27:19 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.05.06 12:27:19 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.05.06 12:27:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.06 12:27:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.06 12:27:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.06 12:27:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.06 12:26:17 | 000,524,288 | -HS- | M] () -- C:\Users\Nicki\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.06 12:26:17 | 000,065,536 | -HS- | M] () -- C:\Users\Nicki\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.06 12:25:55 | 002,142,065 | -H-- | M] () -- C:\Users\Nicki\AppData\Local\IconCache.db [2010.05.06 11:34:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Nicki\Desktop\OTL.exe [2010.05.06 03:04:06 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.06 03:04:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.06 03:04:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.06 03:04:06 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.06 03:04:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.06 02:51:07 | 000,001,398 | ---- | M] () -- C:\Users\Nicki\Desktop\DivX Movies.lnk [2010.05.05 22:29:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79D56AA5-42EF-401D-AF9A-66E44CE88761}.job [2010.05.05 08:34:27 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.05.05 00:35:22 | 000,000,016 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\qvjsge.dat [2010.05.04 19:26:35 | 000,001,674 | ---- | M] () -- C:\Users\Nicki\Desktop\CCleaner.lnk [2010.05.04 19:03:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 18:32:17 | 000,165,888 | ---- | M] () -- C:\Windows\Tfyfoa.exe [2010.05.03 23:28:29 | 006,717,440 | ---- | M] () -- C:\Users\Nicki\Desktop\The Suppliers feat Gorilla Zoe Leave Me Alone [2010].mp3 [2010.04.29 16:02:45 | 000,318,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.26 10:25:51 | 000,004,544 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys [2010.04.25 14:28:46 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.04.22 08:18:03 | 000,023,040 | ---- | M] () -- C:\Users\Nicki\Desktop\AROTEL,+Hotelfachfrau.doc [2010.04.22 08:17:41 | 000,034,304 | ---- | M] () -- C:\Users\Nicki\Desktop\Nicki Lebenslauf.doc [2010.04.22 08:17:28 | 000,025,088 | ---- | M] () -- C:\Users\Nicki\Desktop\Bewerbung 1.FCN.doc [2010.04.21 23:07:07 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT [2010.04.21 22:51:10 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.04.20 22:25:42 | 000,083,696 | ---- | M] () -- C:\Users\Nicki\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.20 21:18:02 | 000,000,034 | ---- | M] () -- C:\Windows\mswsyst.doc [2010.04.13 23:08:59 | 000,000,457 | ---- | M] () -- C:\Windows\win.ini [2010.04.11 16:22:05 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2010.04.11 16:22:05 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.04.07 16:57:48 | 004,816,896 | ---- | M] () -- C:\Users\Nicki\Desktop\Jason Derulo - In My Head (Official Lyrics Video).mp3 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.06 02:51:07 | 000,001,398 | ---- | C] () -- C:\Users\Nicki\Desktop\DivX Movies.lnk [2010.05.05 00:35:47 | 000,859,648 | ---- | C] () -- C:\Windows\System32\drivers\psxrt.sys [2010.05.05 00:35:14 | 000,000,016 | ---- | C] () -- C:\Users\Nicki\AppData\Roaming\qvjsge.dat [2010.05.04 19:26:35 | 000,001,674 | ---- | C] () -- C:\Users\Nicki\Desktop\CCleaner.lnk [2010.05.04 19:03:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 18:32:21 | 000,165,888 | ---- | C] () -- C:\Windows\Tfyfoa.exe [2010.05.04 11:19:41 | 000,327,655 | ---- | C] () -- C:\Users\Nicki\Desktop\TS3InstallHelper.exe [2010.05.03 23:28:20 | 006,717,440 | ---- | C] () -- C:\Users\Nicki\Desktop\The Suppliers feat Gorilla Zoe Leave Me Alone [2010].mp3 [2010.04.22 08:18:03 | 000,023,040 | ---- | C] () -- C:\Users\Nicki\Desktop\AROTEL,+Hotelfachfrau.doc [2010.04.22 08:17:41 | 000,034,304 | ---- | C] () -- C:\Users\Nicki\Desktop\Nicki Lebenslauf.doc [2010.04.22 08:17:27 | 000,025,088 | ---- | C] () -- C:\Users\Nicki\Desktop\Bewerbung 1.FCN.doc [2010.04.21 23:07:07 | 000,921,632 | ---- | C] () -- C:\PA7302.DAT [2010.04.21 22:51:10 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.04.21 22:46:22 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.04.20 22:25:36 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.04.20 22:15:19 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.04.20 21:18:02 | 000,000,034 | ---- | C] () -- C:\Windows\mswsyst.doc [2010.04.11 16:22:05 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2010.04.11 16:22:03 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.04.07 16:57:39 | 004,816,896 | ---- | C] () -- C:\Users\Nicki\Desktop\Jason Derulo - In My Head (Official Lyrics Video).mp3 [2010.03.15 20:12:07 | 000,004,544 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.03.15 20:12:07 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\58B397C290.sys [2010.01.08 18:43:14 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.01.08 18:43:14 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.01.04 01:20:51 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini [2010.01.04 01:20:47 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini [2009.05.30 19:16:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.28 21:01:47 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll [2009.05.28 21:01:47 | 000,005,120 | ---- | C] () -- C:\Windows\HKCYDLL.dll [2009.05.28 21:01:47 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Nicki\Winkelhaid.MP4:TOC.WMV @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > UND OTL Extras logfile created on: 06.05.2010 12:32:34 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Nicki\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 11,00 Gb Paging File | 10,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 722,94 Gb Free Space | 79,31% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,94 Gb Free Space | 44,69% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NICKI-PC Current User Name: Nicki Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11CA77E7-F1FD-40C5-A32F-582FA4559D2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{18A0DE4C-5881-4499-B025-16C71FAB412F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2035D12A-EC8B-4DAC-BD35-B2523A6176E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2BC3FCC2-FAF5-4487-9258-C90CD47FA09B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{65DBA05A-C14E-457C-930F-EA877D05A607}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9E8A6C3E-91CE-4835-BAB2-3E8E63C5B2B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B615C5B0-5EB7-440C-A35D-320BE195B4CE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CBC4E875-E3F0-4B2A-922C-EBB084ACBB96}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D365F771-8669-4129-8040-F0AD80AF194C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DA435306-E610-46E9-B6D5-4564E1278664}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01289BDB-3E16-4B9E-BDF9-23ADB6C9B755}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{02B1A3A3-E6F9-4601-A3B3-B8CEE05BE901}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{08597C1D-44A4-47ED-A9A4-046270B96F05}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08936A35-3659-4E2C-93FA-BBEDC75CB45A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0F7A39B8-D926-44DC-8EEB-DB5B4521485C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{197E23C6-013E-4F40-A56A-E5684954C6C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1B93DF3D-A46B-4045-936D-8B424755DB3D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1EB804D1-EB32-4D11-9B9F-53EA83FC0043}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{1FF96453-C5AB-4B5F-A6C2-B89B454DA06F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{3C3ACA75-008C-4000-B9D9-0FE0C7C78116}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{42E61098-C987-4275-9047-A0132F0F6CFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4974A401-2913-4506-A192-C6AD02CF9B54}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4D26C4C5-7A38-43B2-9F4D-F7B810F4DAE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C5D76A8-3840-4349-97B5-C5C189D9C722}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd9.exe | "{6B756CB8-3986-4B2F-A922-7A9A7F1BB551}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{77C14804-4AE8-4823-A9A4-96132BF87486}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{7E7F529C-E564-4F62-AA95-6077EF5F77D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97C53395-38A2-4974-82ED-41732FE363FA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{9EF05520-E8FE-4522-A530-A84AC1D77184}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{B51C8116-62C1-4E20-89BF-568F6DD9C216}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{BBD19D14-31C2-4E0B-985A-7768A44ABFDA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{BF0D81E1-7F1A-47CD-A6AA-9DE7E2A758A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C2F68B68-19D7-44C1-AF99-289FE83690C7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{C6EB1591-5865-4589-89C2-E3915E42F284}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{CAC1A2DB-443E-4BB2-9FC9-A7E99052CE13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D7458E72-8734-45B8-AA42-5972DFB985B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DE6BA96D-2D3E-4F49-B5D2-D4631713EE05}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{E43F8818-C34C-44CB-B93A-8B809D3E57A8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{EE1DB990-200C-4446-BCF6-F266C1FC9182}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{EEE77F78-1376-40D9-8A01-26CB37EF6DE8}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{F2E5F402-7459-4C20-9B2E-97CF508BC0AD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{F60AC12C-D5B9-465B-B58A-03F24F57FFCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F9F8F5F7-42A2-4F07-8648-80D1ADD16FF2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FCF2AEE3-679B-42F1-912E-DDECB51D7A26}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{1D22E267-D04F-47C2-A480-FFEAAF938984}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{1D9956B5-BA69-498F-A981-AE32AC3A094C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{81DC39DB-9980-4591-A97A-E1D3859A3DBE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{93799BBA-4A78-41B0-8CE8-CF84F8B1235D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{CDD237E4-71BB-4773-AC6E-17221BC2B57C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{DE4CA5AF-3D05-4D2A-88CC-CF326E2E2544}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{FEC615A3-00A5-4A75-A35D-A7A33CE6F226}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{FF71C870-E512-415C-9ECA-E380B76DA8A2}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{29096CBD-7A4A-4FDF-9CF2-4B950E5ED7CB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{2C106A50-474A-4C67-9B7A-005DBDE23F89}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{2ED8FDAB-AD71-4B6B-864A-A32C5B33FB10}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{35A21830-437E-47A7-8D5F-B2206A39DC6B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{6B118DDF-8568-45A8-BFC5-A9BCABF10379}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{8653AACB-F8A9-4B0F-B2EA-49405B0FC844}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{C4468B71-2A1F-4BEA-9CDD-7238EE3FE4AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CE5A4F00-5287-4648-9765-0282DDF368DA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{084F0F60-DA25-4A86-A954-1BE5FE19E495}" = TSR Launcher "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7AFDF9AE-66B2-4A1F-8249-32EF14B97150}" = ArcSoft PhotoImpression 5 "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = IC 445C Webcam "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EDC66A92-4603-4D72-B28C-570075B55DF0}" = USB Wireless Keyboard Driver "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "AC3Filter" = AC3Filter (remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CoC" = Call of Combat "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA Download Manager "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IncrediMail" = IncrediMail 2.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "RealPlayer 12.0" = RealPlayer "S2TNG" = Die Siedler II - Die nächste Generation "TS3 Install Helper Monkey" = TS3 Install Helper Monkey "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.9 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.9.2 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Antimalware Doctor" = Antimalware Doctor ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code: :OTLDas Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. |
hab ich gemacht. hier die log: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\gotnewupdate000.exe not found. File C:\Users\Nicki\AppData\Roaming\48ECF69966B42005A4F642F42C6D2D79\gotnewupdate000.exe not found. C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP folder moved successfully. C:\Users\Nicki\AppData\Roaming\qvjsge.dat moved successfully. C:\Windows\Tfyfoa.exe moved successfully. C:\PA7302.DAT moved successfully. C:\Windows\mswsyst.doc moved successfully. File C:\Windows\System32\drivers\psxrt.sys not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 83 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Nicki ->Temp folder emptied: 88244341 bytes ->Temporary Internet Files folder emptied: 100038350 bytes ->Java cache emptied: 14499996 bytes ->FireFox cache emptied: 95404875 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 153293 bytes ->Flash cache emptied: 53634 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2203153 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 287,00 mb OTL by OldTimer - Version 3.2.4.1 log created on 05072010_015048 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
Ok. Dann mach jetzt mal mit CF weiter: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! |
habe alles nach anweisung gemacht. hier die Log datei: ComboFix 10-05-06.05 - Nicki 07.05.2010 17:45:33.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2204 [GMT 2:00] ausgeführt von:: c:\users\Nicki\Desktop\cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk c:\users\Nicki\AppData\Roaming\48ECF69966B42005A4F642F42C6D2D79 c:\users\Nicki\AppData\Roaming\48ECF69966B42005A4F642F42C6D2D79\enemies-names.txt c:\users\Nicki\AppData\Roaming\48ECF69966B42005A4F642F42C6D2D79\lsrslt.ini c:\users\Nicki\AppData\Roaming\PnkBstrK.sys c:\users\Nicki\TS3InstallHelper.exe c:\windows\system32\%appdata% . ((((((((((((((((((((((( Dateien erstellt von 2010-04-07 bis 2010-05-07 )))))))))))))))))))))))))))))) . 2010-05-07 15:31 . 2010-05-07 15:44 -------- d-----w- C:\ComboFix 2010-05-06 23:50 . 2010-05-06 23:50 -------- d-----w- C:\_OTL 2010-05-05 19:52 . 2010-05-05 19:52 -------- d-----w- c:\program files\Enigma Software Group 2010-05-04 17:26 . 2010-05-04 17:26 -------- d-----w- c:\program files\trend micro 2010-05-04 17:26 . 2010-05-04 17:27 -------- d-----w- C:\rsit 2010-05-04 17:03 . 2010-05-04 17:03 -------- d-----w- c:\users\Nicki\AppData\Roaming\Malwarebytes 2010-05-04 17:03 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-04 17:03 . 2010-05-04 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-04 17:03 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-04 16:55 . 2010-05-06 00:57 -------- d-----w- c:\program files\Common Files\PC Tools 2010-04-21 20:51 . 2010-04-21 20:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-04-21 20:51 . 2010-05-07 15:21 -------- d-----w- c:\users\Nicki\AppData\Roaming\skypePM 2010-04-21 20:46 . 2010-05-07 15:34 -------- d-----w- c:\users\Nicki\AppData\Roaming\Skype 2010-04-21 20:46 . 2010-04-21 20:46 -------- d-----w- c:\program files\Common Files\Skype 2010-04-21 20:46 . 2010-04-21 20:46 -------- d-----r- c:\program files\Skype 2010-04-20 20:27 . 2010-04-20 20:27 -------- d-----w- c:\users\Nicki\AppData\Local\MigWiz 2010-04-20 20:14 . 2010-04-20 20:14 -------- d-----w- c:\program files\NVIDIA Corporation 2010-04-20 20:02 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-04-20 19:17 . 2010-04-20 20:29 -------- d-----w- c:\program files\Wecker6 2010-04-13 23:51 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-13 23:51 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-13 23:51 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-13 23:51 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-13 23:51 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-13 23:51 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-13 23:51 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-13 23:51 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-13 23:51 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-13 22:16 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-13 22:16 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-11 14:22 . 2010-04-11 14:45 -------- d-----w- c:\users\Nicki\AppData\Roaming\Ventrilo 2010-04-11 14:22 . 2010-04-11 14:22 -------- d-----w- c:\program files\Ventrilo 2010-04-10 11:30 . 2010-04-10 11:30 -------- d-----w- c:\program files\Common Files\Adobe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-07 15:38 . 2010-05-07 15:38 -------- d-----w- c:\program files\CCleaner 2010-05-07 15:38 . 2009-10-18 15:30 -------- d-----w- c:\program files\Yahoo! 2010-05-07 15:26 . 2009-03-26 00:13 618204 ----a-w- c:\windows\system32\perfh007.dat 2010-05-07 15:26 . 2009-03-26 00:13 122636 ----a-w- c:\windows\system32\perfc007.dat 2010-05-06 00:57 . 2010-03-23 21:28 -------- d-----w- c:\program files\OXXOGames 2010-05-06 00:51 . 2009-05-28 19:13 -------- d-----w- c:\program files\DivX 2010-05-05 20:51 . 2009-05-25 16:01 -------- d-----w- c:\program files\Google 2010-05-05 19:59 . 2009-06-21 15:55 -------- d-----w- c:\program files\Common Files\Apple 2010-05-05 19:51 . 2009-04-17 13:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-05-04 19:14 . 2009-06-14 07:22 -------- d-----w- c:\users\Nicki\AppData\Roaming\ICQ 2010-05-04 15:38 . 2010-04-01 05:13 443912 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\setup.exe 2010-04-26 08:25 . 2010-03-15 18:12 4544 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-04-20 20:30 . 2010-03-03 21:03 -------- d-----w- c:\program files\Vodafone 2010-04-20 20:25 . 2009-05-25 16:02 83696 ----a-w- c:\users\Nicki\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-14 01:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-12 19:42 . 2009-05-28 19:13 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-04-07 11:01 . 2010-02-28 16:54 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-04-03 16:27 . 2010-04-03 16:27 985704 ----a-w- c:\windows\system32\nvsvc.dll 2010-04-03 16:27 . 2010-04-03 16:27 66664 ----a-w- c:\windows\system32\nvshext.dll 2010-04-03 16:27 . 2010-04-03 16:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll 2010-04-03 16:27 . 2010-04-03 16:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-04-03 16:27 . 2010-04-03 16:27 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-04-03 09:32 . 2009-06-21 15:58 -------- d-----w- c:\users\Nicki\AppData\Roaming\Apple Computer 2010-04-01 13:15 . 2010-04-01 13:13 21308912 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold_de.exe 2010-04-01 13:13 . 2010-04-01 13:13 79368 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe 2010-04-01 13:13 . 2010-04-01 13:13 64000 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll 2010-04-01 13:13 . 2010-04-01 13:13 52288 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll 2010-04-01 13:13 . 2010-04-01 13:13 50688 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll 2010-04-01 13:13 . 2010-04-01 13:13 49152 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll 2010-04-01 13:13 . 2010-04-01 13:13 118784 ----a-w- c:\users\Nicki\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll 2010-04-01 07:56 . 2010-04-01 07:56 106052 ---ha-w- c:\windows\system32\mlfcache.dat 2010-04-01 07:54 . 2010-04-01 07:54 -------- d-----w- c:\program files\Safari 2010-04-01 07:31 . 2010-04-01 07:30 -------- d-----w- c:\program files\QuickTime 2010-04-01 01:19 . 2009-04-02 13:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-31 21:47 . 2009-08-25 10:13 -------- d-----w- c:\users\Nicki\AppData\Roaming\dvdcss 2010-03-28 17:45 . 2009-11-30 15:00 -------- d-----w- c:\program files\Electronic Arts 2010-03-16 21:18 . 2010-03-16 21:18 -------- d-----w- c:\program files\MSECache 2010-03-16 20:45 . 2010-03-16 20:45 0 ----a-w- c:\users\Nicki\AppData\Roaming\wklnhst.dat 2010-03-15 18:12 . 2010-03-15 18:12 8 --sh--r- c:\windows\system32\58B397C290.sys 2010-03-15 18:12 . 2009-07-27 12:14 -------- d-----w- c:\users\Nicki\AppData\Roaming\Corel 2010-02-24 08:16 . 2009-10-02 19:40 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 06:39 . 2010-03-31 07:05 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 07:05 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-03-31 07:05 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-03-31 07:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-22 18:13 . 2010-03-14 20:24 52224 ----a-w- c:\users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\147mpres.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll 2010-02-22 18:13 . 2010-03-14 20:24 101376 ----a-w- c:\users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\147mpres.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll 2010-02-20 23:06 . 2010-03-11 19:53 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-11 19:53 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-11 19:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-03-11 14:14 . 2009-03-11 14:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ICQ"="c:\progra~1\ICQ6.5\ICQ.exe" [2009-11-16 172792] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-01-13 349640] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048] "CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936] "ledpointer"="CNYHKey.exe" [2006-11-09 5585408] "MoLed"="ModLEDKey.exe" [2006-11-09 53248] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):55,38,b6,4e,53,e1,c9,01 R3 {C8DA951C-28EC-4447-A8A1771588F7FDF5};{C8DA951C-28EC-4447-A8A1771588F7FDF5};c:\windows\System32\svchost.exe [2008-01-21 21504] R3 {DCA4092B-E279-43EF-B462FE20F9740F51};{DCA4092B-E279-43EF-B462FE20F9740F51};c:\windows\System32\svchost.exe [2008-01-21 21504] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-05-27 90536] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-05-27 111912] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-05-27 117672] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/22 16:10];c:\program files\HomeCinema\PowerDVD9\000.fcl [2009-03-30 15:53 87536] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - psxrt [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs {DCA4092B-E279-43EF-B462FE20F9740F51} {C8DA951C-28EC-4447-A8A1771588F7FDF5} [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-01-27 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{79D56AA5-42EF-401D-AF9A-66E44CE88761}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://mystart.incredimail.com/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} - FF - ProfilePath - c:\users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\147mpres.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={92DD173C-9CE2-7B17-952B-D325A6DB5086}&q= FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: c:\users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\147mpres.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll FF - component: c:\users\Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\147mpres.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-05-07 17:54 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{C8DA951C-28EC-4447-A8A1771588F7FDF5}] "ServiceDll"="c:\users\Nicki\AppData\Local\Temp\DEE3.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{DCA4092B-E279-43EF-B462FE20F9740F51}] "ServiceDll"="c:\users\Nicki\AppData\Local\Temp\DEE3.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\psxrt] . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3606352164-1597415557-2339922015-1000\Software\SecuROM\License information*] "datasecu"=hex:5b,74,2e,96,e5,69,f9,6a,26,16,6a,80,19,01,8e,ab,87,4f,07,be,c5, 5d,b7,de,14,be,4b,ca,c1,85,ec,b1,87,16,6e,0c,21,76,4f,e2,0b,87,61,37,10,c0,\ "rkeysecu"=hex:24,82,7c,81,05,6d,4c,97,6d,79,9d,89,29,ce,42,ec [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(4584) c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\conime.exe c:\windows\CNYHKey.exe c:\windows\ModLEDKey.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\PSIService.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\windows\ehome\ehmsas.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\IncrediMail\bin\IMApp.exe c:\windows\system32\wbem\unsecapp.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-05-07 17:56:57 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-05-07 15:56 Vor Suchlauf: 8 Verzeichnis(se), 773.126.778.880 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 773.190.619.136 Bytes frei - - End Of File - - 7478FB2EC9CE8B6EA5E38BB98335A790 |
Bitte mal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen: http://mitglied.lycos.de/efunction/tb123/avenger.png 3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Code: files to delete:5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken |
hier der log: Logfile of The Avenger Version 2.0, (c) by Swandog46 hxxp://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\users\Nicki\AppData\Local\Temp\DEE3.tmp" not found! Deletion of file "c:\users\Nicki\AppData\Local\Temp\DEE3.tmp" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Registry key "HKLM\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}" deleted successfully. Registry key "HKLM\SYSTEM\ControlSet001\Services\{C8DA951C-28EC-4447-A8A1771588F7FDF5}" deleted successfully. Registry key "HKLM\SYSTEM\ControlSet001\Services\{DCA4092B-E279-43EF-B462FE20F9740F51}" deleted successfully. Error: could not open registry key "HKLM\SYSTEM\ControlSet001\Services\psxrt" for deletion Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\psxrt" failed! Status: 0xc0000001 (STATUS_UNSUCCESSFUL) Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\{C8DA951C-28EC-4447-A8A1771588F7FDF5}" not found! Deletion of driver "{C8DA951C-28EC-4447-A8A1771588F7FDF5}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\{DCA4092B-E279-43EF-B462FE20F9740F51}" not found! Deletion of driver "{DCA4092B-E279-43EF-B462FE20F9740F51}" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. |
und hier der link von file-upload.net hxxp://www.file-upload.net/download-2497904/backup.zip.html |
hä des geht irgendwie nicht?? ich gehe auf link einfügen und kpiere einfach die adresse rein...? aber man kann es nicht anklicken File-Upload.net - backup.zip |
Ok. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! |
also hab gerade malware nochmal durchlaufen lassen und es hatte immernoch 1 fund :( ( das andere programm lasse ich nun über nacht laufen und poste morgen ) hier der log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4076 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 08.05.2010 00:57:01 mbam-log-2010-05-08 (00-57-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 266176 Laufzeit: 49 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Windows\System32\drivers\psxrt.sys (Rootkit.Agent) -> Quarantined and deleted successfully. |
Ja, da ist leider noch mehr. Poste bitte nach SASW auch Logs von GMER und OSAM |
okay superantispyware log: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 05/08/2010 at 02:37 AM Application Version : 4.37.1000 Core Rules Database Version : 4904 Trace Rules Database Version: 2716 Scan type : Complete Scan Total Scan Time : 01:20:47 Memory items scanned : 767 Memory threats detected : 0 Registry items scanned : 7735 Registry threats detected : 0 File items scanned : 149617 File threats detected : 4 Adware.Tracking Cookie C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@bs.serving-sys[3].txt C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@serving-sys[2].txt C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@atdmt[1].txt Trojan.Agent/Gen-FakeAlert C:\_OTL\MOVEDFILES\05072010_015048\C_WINDOWS\TFYFOA.EXE |
hier der log vom GMER GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-05-10 08:45:48 Windows 6.0.6002 Service Pack 2 Running: r7wfxw7b.exe; Driver: C:\Users\Nicki\AppData\Local\Temp\pwlcqpoc.sys ---- System - GMER 1.0.15 ---- SSDT 8DBE3324 ZwCreateThread SSDT 8DBE3310 ZwOpenProcess SSDT 8DBE3315 ZwOpenThread SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x900B3950] <-- ROOTKIT !!! ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 221 822C1984 4 Bytes [24, 33, BE, 8D] .text ntkrnlpa.exe!KeSetEvent + 3F1 822C1B54 4 Bytes [10, 33, BE, 8D] .text ntkrnlpa.exe!KeSetEvent + 40D 822C1B70 4 Bytes [15, 33, BE, 8D] .text ntkrnlpa.exe!KeSetEvent + 621 822C1D84 4 Bytes [50, 39, 0B, 90] {PUSH EAX; CMP [EBX], ECX; NOP } ? System32\Drivers\psxrt.sys Ein an das System angeschlossenes Gerät funktioniert nicht. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1780] ntdll.dll!LdrLoadDll 77DA9390 5 Bytes JMP 002713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!SetWindowsHookExW 77C187AD 5 Bytes JMP 6ED59A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CallNextHookEx 77C18E3B 5 Bytes JMP 6ED4D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!UnhookWindowsHookEx 77C198DB 5 Bytes JMP 6ECC466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateWindowExW 77C21305 5 Bytes JMP 6ED5DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamW 77C410B0 5 Bytes JMP 6EC85505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamW 77C42EF5 5 Bytes JMP 6EE5473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamA 77C58152 5 Bytes JMP 6EE546DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamA 77C5847D 5 Bytes JMP 6EE547A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectA 77C6D4D9 5 Bytes JMP 6EE54671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectW 77C6D5D3 5 Bytes JMP 6EE54606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExA 77C6D639 5 Bytes JMP 6EE545A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExW 77C6D65D 5 Bytes JMP 6EE54542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ole32.dll!OleLoadFromStream 775C1E12 5 Bytes JMP 6EE54AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ole32.dll!CoCreateInstance 775F9EA6 5 Bytes JMP 6ED5DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ws2_32.dll!closesocket 772D330C 5 Bytes JMP 65EFEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ws2_32.dll!recv 772D343A 5 Bytes JMP 65EFF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ws2_32.dll!socket 772D36D1 5 Bytes JMP 65EFE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ws2_32.dll!connect 772D40D9 5 Bytes JMP 65EFE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ws2_32.dll!getaddrinfo 772D418A 5 Bytes JMP 65EFE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2156] ws2_32.dll!send 772D659B 5 Bytes JMP 65EFE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!CreateWindowExW 77C21305 5 Bytes JMP 6ED5DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxParamW 77C410B0 5 Bytes JMP 6EC85505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxIndirectParamW 77C42EF5 5 Bytes JMP 6EE5473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxParamA 77C58152 5 Bytes JMP 6EE546DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!DialogBoxIndirectParamA 77C5847D 5 Bytes JMP 6EE547A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxIndirectA 77C6D4D9 5 Bytes JMP 6EE54671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxIndirectW 77C6D5D3 5 Bytes JMP 6EE54606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxExA 77C6D639 5 Bytes JMP 6EE545A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2772] USER32.dll!MessageBoxExW 77C6D65D 5 Bytes JMP 6EE54542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 87E774A8 Device \Driver\USBSTOR \Device\00000065 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\iaStor \Device\Ide\iaStor0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\USBSTOR \Device\00000066 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\USBSTOR \Device\00000067 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\USBSTOR \Device\00000068 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Services - GMER 1.0.15 ---- Service (*** hidden *** ) [BOOT] psxrt <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\psxrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\psxrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\psxrt@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\psxrt@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet003\Services\psxrt@Type 1 Reg HKLM\SYSTEM\ControlSet003\Services\psxrt@Start 0 Reg HKLM\SYSTEM\ControlSet003\Services\psxrt@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet003\Services\psxrt@Group Boot Bus Extender ---- EOF - GMER 1.0.15 ---- |
und hier OSAM Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 09:07:20 on 10.05.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys (File not found) "psxrt" (psxrt) - ? - C:\Windows\system32\drivers\psxrt.sys (Hidden registry entry, rootkit activity | File not found) "pwlcqpoc" (pwlcqpoc) - ? - C:\Users\Nicki\AppData\Local\Temp\pwlcqpoc.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) "CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL {C8FA495F-F131-42B0-8AB8-B119A674AF8E} "Wecker-Alarm" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ICQ" - "ICQ, LLC." - "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent "IncrediMail" - "IncrediMail, Ltd." - C:\Program Files\IncrediMail\bin\IncMail.exe /c "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe "CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "ledpointer" - "Chicony" - CNYHKey.exe "MoLed" - "Chicony" - ModLEDKey.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\PROGRA~1\SUPER-~1.DE\SUPER-~1.SCR (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
Code: "psxrt" (psxrt) - ? - C:\Windows\system32\drivers\psxrt.sys (Hidden registry entry, rootkit activity | File not found)Poste danach neue Logs mti GMER und OSAM |
hab ich gemacht hier Osam: ( muss jetzt neustarten ) Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 12:55:10 on 10.05.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) "CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL {C8FA495F-F131-42B0-8AB8-B119A674AF8E} "Wecker-Alarm" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ICQ" - "ICQ, LLC." - "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent "IncrediMail" - "IncrediMail, Ltd." - C:\Program Files\IncrediMail\bin\IncMail.exe /c "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe "CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "ledpointer" - "Chicony" - CNYHKey.exe "MoLed" - "Chicony" - ModLEDKey.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\PROGRA~1\SUPER-~1.DE\SUPER-~1.SCR (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
also ich weis nicht...ich glaube igrendwas ist jetzt schief gegangen. ich wollte gmer ausführen und mitten im scan bricht es ab und der bildschirm wird blau und es heist dann "a problem has been detected" ( weiter konnte ich nicht lesen ) dann gab es nen neustart und beim neustart hies es dann "windows normal ausführen oder im abgesicherten modus?" habe dann eben normal genommen.... was hat das zu bedeuten??? ich versuche jetzt mal das andere programm auszuführen ob es da mit dem log klappt |
also das müsste das neue OSAM log sein aber wie gesagt gmer geht nicht.. Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 13:15:27 on 10.05.2010 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) "CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (HTTP value) "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL {C8FA495F-F131-42B0-8AB8-B119A674AF8E} "Wecker-Alarm" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ICQ" - "ICQ, LLC." - "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent "IncrediMail" - "IncrediMail, Ltd." - C:\Program Files\IncrediMail\bin\IncMail.exe /c "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe "CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "ledpointer" - "Chicony" - CNYHKey.exe "MoLed" - "Chicony" - ModLEDKey.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\PROGRA~1\SUPER-~1.DE\SUPER-~1.SCR (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
GMER stürzt leider rel. häufig ab, ist leider so :( OSAM sieht gut aus, der deaktivierte und gelöschte Eintrag tauchte auch so nicht mehr auf. Mach mal bitte zur Kontrolle: - Vollscan mit Malwarebytes und Superantispyware (beide Tools unbedingt vorher aktualisieren!) - frische Logfiles mit OTL.exe |
es ist noch nciht vorbei :( und ich hatte mich schon gefreut.... also malwarebytes läuft noch ohne befund bisher aber gerade eben poppt mein Antivir guard nen fund auf... C:/windows/system32/drivers/psxrt.sys ist das trojanische pferd TR/rootkit.gen was soll ich damit machen?? - in quarantäne verschieben - löschen - umbennen - Zugriff verweigern - ignorieren |
Bitte mal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen: http://mitglied.lycos.de/efunction/tb123/avenger.png 3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Code: files to delete:5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei File-Upload.net hochladen und hier verlinken 9.) Wie vorhin beschrieben die Kontrollscans machen |
hier avenger: Logfile of The Avenger Version 2.0, (c) by Swandog46 hxxp://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\windows\system32\drivers\psxrt.sys" not found! Deletion of file "c:\windows\system32\drivers\psxrt.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\psxrt.sys" not found! Deletion of driver "psxrt.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\psxrt" not found! Deletion of driver "psxrt" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. |
hier das backup zip hxxp://www.file-upload.net/download-2506302/backup.zip.html |
hier mal OTL neu: OTL logfile created on: 10.05.2010 21:19:46 - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Nicki\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 11,00 Gb Paging File | 10,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 721,01 Gb Free Space | 79,10% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,94 Gb Free Space | 44,69% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NICKI-PC Current User Name: Nicki Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Nicki\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\ModLEDKey.exe (Chicony) PRC - C:\Windows\CNYHKey.exe (Chicony) PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (SafeList) ========== MOD - C:\Users\Nicki\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 16 90 B3 3C 86 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3 FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={92DD173C-9CE2-7B17-952B-D325A6DB5086}&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 09:09:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 19:13:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 13:49:49 | 000,000,000 | ---D | M] [2009.05.30 18:50:45 | 000,000,000 | ---D | M] -- C:\Users\Nicki\AppData\Roaming\mozilla\Extensions [2010.05.09 00:19:05 | 000,000,000 | ---D | M] -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions [2009.07.23 21:11:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.10.18 18:26:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.03.14 22:24:01 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2009.08.31 01:20:30 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Users\Nicki\AppData\Roaming\mozilla\Firefox\Profiles\147mpres.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2009.07.27 20:27:47 | 000,000,681 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\ask.xml [2009.10.27 15:30:46 | 000,002,171 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\bing.xml [2009.08.31 01:20:32 | 000,005,407 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\fast-browser-search.xml [2010.05.06 23:03:14 | 000,000,944 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\icqplugin.xml [2010.01.13 19:03:55 | 000,002,149 | ---- | M] () -- C:\Users\Nicki\AppData\Roaming\Mozilla\FireFox\Profiles\147mpres.default\searchplugins\MyStart Search.xml [2009.05.30 18:50:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.14 21:56:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 21:56:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.09.01 14:48:57 | 000,003,700 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.png [2009.09.01 14:48:56 | 000,001,963 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.xml [2010.03.14 21:56:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 21:56:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 21:56:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.07 17:51:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.10 21:14:25 | 000,000,000 | ---D | C] -- C:\Avenger [2010.05.10 12:47:30 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\Online Solutions [2010.05.10 08:55:51 | 000,000,000 | ---D | C] -- C:\Users\Nicki\Desktop\osam [2010.05.08 01:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.05.08 01:05:31 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\SUPERAntiSpyware.com [2010.05.08 01:05:31 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.05.07 17:56:59 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.05.07 17:51:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2010.05.07 17:44:23 | 000,000,000 | ---D | C] -- C:\cofi [2010.05.07 17:44:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.05.07 17:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion [2010.05.07 17:38:02 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.07 17:31:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.05.07 17:31:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.05.07 17:31:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.05.07 17:31:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.05.07 17:31:43 | 000,000,000 | ---D | C] -- C:\ComboFix [2010.05.07 17:31:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.05.07 01:50:48 | 000,000,000 | ---D | C] -- C:\_OTL [2010.05.06 11:34:05 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Nicki\Desktop\OTL.exe [2010.05.05 21:52:28 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2010.05.04 19:26:52 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.05.04 19:26:51 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.04 19:03:24 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\Malwarebytes [2010.05.04 19:03:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.04 19:03:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.04 19:03:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.04 19:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.04 18:55:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2010.05.03 11:12:49 | 000,000,000 | ---D | C] -- C:\Users\Nicki\Desktop\1.5 [2010.04.29 22:04:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.26 00:03:34 | 000,000,000 | ---D | C] -- C:\Users\Nicki\Desktop\bbq [2010.04.21 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\skypePM [2010.04.21 22:46:33 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\Skype [2010.04.21 22:46:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.04.21 22:46:21 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.04.21 22:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.04.20 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Local\MigWiz [2010.04.20 22:14:02 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.04.20 22:02:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.20 21:17:57 | 000,000,000 | ---D | C] -- C:\Programme\Wecker6 [2010.04.14 01:51:47 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 01:51:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 01:51:45 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 01:51:38 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.14 01:51:38 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.13 23:04:57 | 027,592,056 | ---- | C] (EA Digital Illusions CE AB) -- C:\Users\Nicki\Desktop\BFBC2Game.exe [2010.04.12 18:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.04.11 16:22:13 | 000,000,000 | ---D | C] -- C:\Users\Nicki\AppData\Roaming\Ventrilo [2010.04.11 16:22:04 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo ========== Files - Modified Within 30 Days ========== [2010.05.10 21:19:36 | 003,670,016 | -HS- | M] () -- C:\Users\Nicki\ntuser.dat [2010.05.10 21:14:50 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.05.10 21:14:50 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.05.10 21:14:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.10 21:14:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.10 21:14:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.10 21:14:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.10 21:13:56 | 000,524,288 | -HS- | M] () -- C:\Users\Nicki\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.10 21:13:56 | 000,065,536 | -HS- | M] () -- C:\Users\Nicki\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.10 13:09:15 | 266,242,972 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.05.10 12:35:31 | 002,054,865 | -H-- | M] () -- C:\Users\Nicki\AppData\Local\IconCache.db [2010.05.10 08:53:25 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79D56AA5-42EF-401D-AF9A-66E44CE88761}.job [2010.05.09 23:20:42 | 000,293,376 | ---- | M] () -- C:\Users\Nicki\Desktop\r7wfxw7b.exe [2010.05.08 01:07:08 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.08 01:07:08 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.08 01:07:08 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.08 01:07:08 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.08 01:07:08 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.08 01:05:33 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.07 17:51:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.05.07 17:51:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.05.07 17:38:03 | 000,001,674 | ---- | M] () -- C:\Users\Nicki\Desktop\CCleaner.lnk [2010.05.07 17:34:19 | 003,684,042 | R--- | M] () -- C:\Users\Nicki\Desktop\cofi.exe [2010.05.06 11:34:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Nicki\Desktop\OTL.exe [2010.05.06 02:51:07 | 000,001,398 | ---- | M] () -- C:\Users\Nicki\Desktop\DivX Movies.lnk [2010.05.05 08:34:27 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.05.04 19:03:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.03 23:28:29 | 006,717,440 | ---- | M] () -- C:\Users\Nicki\Desktop\The Suppliers feat Gorilla Zoe Leave Me Alone [2010].mp3 [2010.05.03 14:24:08 | 002,410,017 | ---- | M] () -- C:\Users\Nicki\Desktop\P1050883.JPG [2010.05.03 14:23:52 | 002,387,358 | ---- | M] () -- C:\Users\Nicki\Desktop\P1050882.JPG [2010.04.29 16:02:45 | 000,318,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe [2010.04.26 10:25:51 | 000,004,544 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys [2010.04.25 14:28:46 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.04.22 08:18:03 | 000,023,040 | ---- | M] () -- C:\Users\Nicki\Desktop\AROTEL,+Hotelfachfrau.doc [2010.04.22 08:17:41 | 000,034,304 | ---- | M] () -- C:\Users\Nicki\Desktop\Nicki Lebenslauf.doc [2010.04.22 08:17:28 | 000,025,088 | ---- | M] () -- C:\Users\Nicki\Desktop\Bewerbung 1.FCN.doc [2010.04.21 22:51:10 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.04.20 22:25:42 | 000,083,696 | ---- | M] () -- C:\Users\Nicki\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.13 23:08:59 | 000,000,457 | ---- | M] () -- C:\Windows\win.ini [2010.04.11 16:22:05 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2010.04.11 16:22:05 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini ========== Files Created - No Company Name ========== [2010.05.10 13:03:50 | 266,242,972 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.05.09 23:20:42 | 000,293,376 | ---- | C] () -- C:\Users\Nicki\Desktop\r7wfxw7b.exe [2010.05.08 01:05:33 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.05.07 23:09:29 | 002,387,358 | ---- | C] () -- C:\Users\Nicki\Desktop\P1050882.JPG [2010.05.07 23:09:27 | 002,410,017 | ---- | C] () -- C:\Users\Nicki\Desktop\P1050883.JPG [2010.05.07 22:42:30 | 000,731,136 | ---- | C] () -- C:\Users\Nicki\Desktop\avenger.exe [2010.05.07 17:38:03 | 000,001,674 | ---- | C] () -- C:\Users\Nicki\Desktop\CCleaner.lnk [2010.05.07 17:33:54 | 003,684,042 | R--- | C] () -- C:\Users\Nicki\Desktop\cofi.exe [2010.05.07 17:31:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.05.07 17:31:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.05.07 17:31:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.05.07 17:31:48 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.05.07 17:31:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.05.06 02:51:07 | 000,001,398 | ---- | C] () -- C:\Users\Nicki\Desktop\DivX Movies.lnk [2010.05.04 19:03:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.04 11:19:41 | 000,327,655 | ---- | C] () -- C:\Users\Nicki\Desktop\TS3InstallHelper.exe [2010.05.03 23:28:20 | 006,717,440 | ---- | C] () -- C:\Users\Nicki\Desktop\The Suppliers feat Gorilla Zoe Leave Me Alone [2010].mp3 [2010.04.22 08:18:03 | 000,023,040 | ---- | C] () -- C:\Users\Nicki\Desktop\AROTEL,+Hotelfachfrau.doc [2010.04.22 08:17:41 | 000,034,304 | ---- | C] () -- C:\Users\Nicki\Desktop\Nicki Lebenslauf.doc [2010.04.22 08:17:27 | 000,025,088 | ---- | C] () -- C:\Users\Nicki\Desktop\Bewerbung 1.FCN.doc [2010.04.21 22:51:10 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.04.21 22:46:22 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.04.20 22:25:36 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.04.20 22:15:19 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.04.11 16:22:05 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2010.04.11 16:22:03 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.03.15 20:12:07 | 000,004,544 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.03.15 20:12:07 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\58B397C290.sys [2010.01.08 18:43:14 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.01.08 18:43:14 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.01.04 01:20:51 | 000,000,769 | ---- | C] () -- C:\Windows\System32\Remover.ini [2010.01.04 01:20:47 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini [2009.05.30 19:16:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.28 21:01:47 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll [2009.05.28 21:01:47 | 000,005,120 | ---- | C] () -- C:\Windows\HKCYDLL.dll [2009.05.28 21:01:47 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Nicki\Winkelhaid.MP4:TOC.WMV @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > UND OTL Extras logfile created on: 10.05.2010 21:19:46 - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Nicki\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 11,00 Gb Paging File | 10,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): c:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 721,01 Gb Free Space | 79,10% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,94 Gb Free Space | 44,69% Space Free | Partition Type: FAT32 Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NICKI-PC Current User Name: Nicki Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11CA77E7-F1FD-40C5-A32F-582FA4559D2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{18A0DE4C-5881-4499-B025-16C71FAB412F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2035D12A-EC8B-4DAC-BD35-B2523A6176E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2BC3FCC2-FAF5-4487-9258-C90CD47FA09B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{65DBA05A-C14E-457C-930F-EA877D05A607}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9E8A6C3E-91CE-4835-BAB2-3E8E63C5B2B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B615C5B0-5EB7-440C-A35D-320BE195B4CE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CBC4E875-E3F0-4B2A-922C-EBB084ACBB96}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D365F771-8669-4129-8040-F0AD80AF194C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DA435306-E610-46E9-B6D5-4564E1278664}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01289BDB-3E16-4B9E-BDF9-23ADB6C9B755}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{02B1A3A3-E6F9-4601-A3B3-B8CEE05BE901}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{08597C1D-44A4-47ED-A9A4-046270B96F05}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08936A35-3659-4E2C-93FA-BBEDC75CB45A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0F7A39B8-D926-44DC-8EEB-DB5B4521485C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{197E23C6-013E-4F40-A56A-E5684954C6C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1B93DF3D-A46B-4045-936D-8B424755DB3D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1EB804D1-EB32-4D11-9B9F-53EA83FC0043}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{1FF96453-C5AB-4B5F-A6C2-B89B454DA06F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{31477827-5A34-4E54-894F-5BE0BDFA835F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C3ACA75-008C-4000-B9D9-0FE0C7C78116}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{42E61098-C987-4275-9047-A0132F0F6CFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4974A401-2913-4506-A192-C6AD02CF9B54}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4D26C4C5-7A38-43B2-9F4D-F7B810F4DAE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{53CC1E4C-C15B-45F5-BB5D-F874CA3D87B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C5D76A8-3840-4349-97B5-C5C189D9C722}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd9.exe | "{6B756CB8-3986-4B2F-A922-7A9A7F1BB551}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{77C14804-4AE8-4823-A9A4-96132BF87486}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{7E7F529C-E564-4F62-AA95-6077EF5F77D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97C53395-38A2-4974-82ED-41732FE363FA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{9EF05520-E8FE-4522-A530-A84AC1D77184}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{9FB70E68-9F42-455F-9F5C-3C4C91FEA54D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A0C1590B-F32A-4CF5-8087-BB044EDE6FFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A24004F0-77D9-400D-8BEA-56D89CE9A615}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B51C8116-62C1-4E20-89BF-568F6DD9C216}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{BBD19D14-31C2-4E0B-985A-7768A44ABFDA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{BF0D81E1-7F1A-47CD-A6AA-9DE7E2A758A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C2F68B68-19D7-44C1-AF99-289FE83690C7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{C6EB1591-5865-4589-89C2-E3915E42F284}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{CAC1A2DB-443E-4BB2-9FC9-A7E99052CE13}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D7458E72-8734-45B8-AA42-5972DFB985B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DE6BA96D-2D3E-4F49-B5D2-D4631713EE05}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{E43F8818-C34C-44CB-B93A-8B809D3E57A8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{EE1DB990-200C-4446-BCF6-F266C1FC9182}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{EEE77F78-1376-40D9-8A01-26CB37EF6DE8}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{F255612F-1AEE-4376-8020-C2EA57C383D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F2CE4F20-6583-40CD-83B0-DCA618C6A702}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F2E5F402-7459-4C20-9B2E-97CF508BC0AD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{F60AC12C-D5B9-465B-B58A-03F24F57FFCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F9F8F5F7-42A2-4F07-8648-80D1ADD16FF2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FCF2AEE3-679B-42F1-912E-DDECB51D7A26}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{1D22E267-D04F-47C2-A480-FFEAAF938984}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{1D9956B5-BA69-498F-A981-AE32AC3A094C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{81DC39DB-9980-4591-A97A-E1D3859A3DBE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{93799BBA-4A78-41B0-8CE8-CF84F8B1235D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{CDD237E4-71BB-4773-AC6E-17221BC2B57C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{DE4CA5AF-3D05-4D2A-88CC-CF326E2E2544}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{FEC615A3-00A5-4A75-A35D-A7A33CE6F226}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{FF71C870-E512-415C-9ECA-E380B76DA8A2}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{29096CBD-7A4A-4FDF-9CF2-4B950E5ED7CB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{2C106A50-474A-4C67-9B7A-005DBDE23F89}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{2ED8FDAB-AD71-4B6B-864A-A32C5B33FB10}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{35A21830-437E-47A7-8D5F-B2206A39DC6B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{6B118DDF-8568-45A8-BFC5-A9BCABF10379}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{8653AACB-F8A9-4B0F-B2EA-49405B0FC844}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{C4468B71-2A1F-4BEA-9CDD-7238EE3FE4AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CE5A4F00-5287-4648-9765-0282DDF368DA}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{084F0F60-DA25-4A86-A954-1BE5FE19E495}" = TSR Launcher "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7AFDF9AE-66B2-4A1F-8249-32EF14B97150}" = ArcSoft PhotoImpression 5 "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = IC 445C Webcam "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EDC66A92-4603-4D72-B28C-570075B55DF0}" = USB Wireless Keyboard Driver "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "AC3Filter" = AC3Filter (remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CoC" = Call of Combat "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA Download Manager "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IncrediMail" = IncrediMail 2.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Picasa2" = Picasa 2 "RealPlayer 12.0" = RealPlayer "S2TNG" = Die Siedler II - Die nächste Generation "TS3 Install Helper Monkey" = TS3 Install Helper Monkey "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.9 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.9.2 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
Findet Malwarebytes immer noch psxrt? |
hier der neue malwarebytes log. kein fund mehr. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4085 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 10.05.2010 23:10:29 mbam-log-2010-05-10 (23-10-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 268110 Laufzeit: 58 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
Gut. Dann mach auch bitte einen weiteren Kontrollscan mit SASW und poste das Log. Auch das Tool muss aktualisiert werden. |
hier der log SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 05/11/2010 at 11:59 PM Application Version : 4.37.1000 Core Rules Database Version : 4919 Trace Rules Database Version: 2731 Scan type : Complete Scan Total Scan Time : 01:24:39 Memory items scanned : 709 Memory threats detected : 0 Registry items scanned : 7733 Registry threats detected : 0 File items scanned : 151081 File threats detected : 5 Adware.Tracking Cookie C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@bs.serving-sys[3].txt C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@doubleclick[1].txt C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@adfarm1.adition[1].txt C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@serving-sys[3].txt C:\Users\Nicki\AppData\Roaming\Microsoft\Windows\Cookies\nicki@atdmt[1].txt |
SASW hat nur Cookies gefunden. Rechner wieder normal? |
ich denke? also es poppen keine nachrichten etc mehr auf... ihc hoffe es passt alles :) wenn wieder was kommen sollte dann melde ich mich wieder.. VIELEN VIELEN VIELEN DANK !!!! kann ich irgendwas gutes für dich tun?? dich irgendw voten oder so? :) |
Tu was Gutes und überprüf jetzt Deine Updates! Wenn Du magst kannst Du dem TB was über Paypay spenden (siehe Link in meiner Signatur) :) Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 13:56 Uhr. |
Copyright ©2000-2025, Trojaner-Board