
Thread: Trojan infection causes extreme system failure

  1. #21
    pc-jedi (Senior Team Member)
    Registered since: 17.07.2009
    Posts: 3,643

    Re: Trojan infection causes extreme system failure

    No response received

    Are you having problems working through the instructions above, and if so, which ones? If I do not hear back from you within five days, I will assume that you no longer wish to continue and will close this thread without further comment, so that capacity is freed up for other waiting users.

    Note: The disappearance of the symptoms does not mean that your computer is already clean.
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.

  2. #22
    (Beginner)
    Registered since: 16.08.2010
    Posts: 18

    Re: Trojan infection causes extreme system failure

    Hey PC-Jedi, sorry it took so long. I was away on business.

    However, after the scan only one log file was present: the Combofix.txt.

    Log
    Code:
    ComboFix 10-08-19.02 - Administrator 23.08.2010   8:04.1.1 - x86
    Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1033.18.1015.399 [GMT 2:00]
    ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\programdata\1pdfdec.dll
    c:\programdata\mazuki.dll
    c:\users\Administrator\AppData\Local\TempDIR
    c:\users\Administrator\AppData\Local\TempDIR\SecureW2_312.exe
    c:\users\Administrator\AppData\Local\Windows Server
    c:\users\Administrator\AppData\Local\Windows Server\flags.ini
    c:\users\Administrator\AppData\Local\Windows Server\server.dat
    c:\users\Administrator\AppData\Local\Windows Server\uses32.dat
    c:\users\Administrator\AppData\Roaming\Microsoft\AdjMmsVista.dll
    c:\windows\system32\%appdata%
    F:\Autorun.inf
    
    c:\windows\explorer.exe . . . ist infiziert!!
    
    c:\windows\System32\wininit.exe . . . ist infiziert!!
    
    .
    (((((((((((((((((((((((   Dateien erstellt von 2010-07-23 bis 2010-08-23  ))))))))))))))))))))))))))))))
    .
    
    2010-08-23 06:36 . 2010-08-23 06:36	--------	d-----w-	c:\users\Guest\AppData\Local\temp
    2010-08-23 06:36 . 2010-08-23 06:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2010-08-23 05:59 . 2010-08-23 06:00	--------	d-----w-	C:\32788R22FWJFW
    2010-08-22 23:56 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
    2010-08-22 23:48 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
    2010-08-22 23:48 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
    2010-08-22 23:48 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
    2010-08-22 23:44 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
    2010-08-21 20:58 . 2010-08-21 20:58	142592	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-08-21 20:58 . 2010-08-23 05:57	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Spyware Terminator
    2010-08-21 20:58 . 2010-08-21 22:47	--------	d-----w-	c:\programdata\Spyware Terminator
    2010-08-21 20:58 . 2010-08-21 23:11	--------	d-----w-	c:\program files\Spyware Terminator
    2010-08-18 03:14 . 2010-08-18 03:14	--------	d-----w-	c:\program files\Common Files\Java
    2010-08-18 03:14 . 2010-08-18 03:14	423656	----a-w-	c:\windows\system32\deployJava1.dll
    2010-08-17 11:06 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-17 11:06 . 2010-08-17 11:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2010-08-17 11:06 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
    2010-08-16 14:56 . 2010-08-16 18:22	785408	----a-w-	c:\windows\system32\drivers\ttbis.sys
    2010-08-16 14:56 . 2010-08-17 10:53	--------	d-----w-	c:\users\Administrator\AppData\Local\hhwousgfr
    2010-08-16 14:55 . 2010-08-16 14:55	--------	d-----w-	c:\users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    2010-08-06 17:33 . 2010-08-21 20:15	--------	d-----w-	c:\users\Administrator\AppData\Roaming\TV-Browser
    2010-08-03 17:06 . 2010-08-03 17:06	--------	d-----w-	c:\program files\iPod
    2010-07-27 19:54 . 2010-08-07 21:11	--------	d-----w-	c:\program files\The KMPlayer
    2010-07-26 13:33 . 2010-08-17 19:53	--------	d-----w-	c:\users\Administrator\dwhelper
    2010-07-25 20:29 . 2010-07-28 14:21	--------	d-----w-	c:\programdata\Rosetta Stone
    2010-07-25 20:29 . 2010-07-25 20:29	--------	d-----w-	c:\program files\Rosetta Stone
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-23 05:36 . 2008-03-05 02:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\vlc
    2010-08-23 02:30 . 2007-10-22 11:08	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Vso
    2010-08-22 23:51 . 2009-06-23 20:07	--------	d-----w-	c:\program files\Movie Maker 2.6
    2010-08-22 23:50 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2010-08-22 14:08 . 2009-01-28 19:53	--------	d-----w-	c:\program files\Opera
    2010-08-18 23:24 . 2007-10-17 13:50	--------	d-----w-	c:\program files\Common Files\Adobe
    2010-08-18 02:52 . 2010-01-04 20:38	--------	d-----w-	c:\program files\TrueCrypt
    2010-08-17 21:35 . 2007-10-17 00:50	107408	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-17 10:40 . 2010-06-27 11:24	680	----a-w-	c:\users\Administrator\AppData\Local\d3d9caps.dat
    2010-08-16 22:58 . 2007-10-17 14:00	--------	d-----w-	c:\programdata\FLEXnet
    2010-08-16 17:12 . 2010-01-12 08:59	--------	d-----w-	c:\program files\a-squared Free
    2010-08-16 04:20 . 2010-06-23 14:02	--------	d-----w-	c:\program files\LingoPad
    2010-08-12 20:14 . 2008-11-25 14:02	--------	d-----w-	c:\users\Administrator\AppData\Roaming\dvdcss
    2010-08-06 17:32 . 2008-06-26 15:26	--------	d-----w-	c:\program files\TV-Browser
    2010-08-03 17:16 . 2008-02-13 15:00	--------	d-----w-	c:\program files\iTunes
    2010-08-03 17:06 . 2008-02-13 14:51	--------	d-----w-	c:\program files\Common Files\Apple
    2010-07-23 19:51 . 2010-07-23 19:51	136096	---ha-w-	c:\windows\system32\mlfcache.dat
    2010-07-21 14:03 . 2008-07-07 09:52	--------	d-----w-	c:\users\Administrator\AppData\Roaming\ICQ
    2010-07-21 14:02 . 2010-07-21 14:02	--------	d-----w-	c:\programdata\ICQ
    2010-07-21 14:02 . 2007-07-27 16:17	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2010-07-17 01:55 . 2008-05-11 20:29	895	----a-w-	c:\windows\eReg.dat
    2010-07-14 19:00 . 2007-10-17 16:31	--------	d-----w-	c:\program files\DAEMON Tools
    2010-07-11 11:33 . 2007-07-27 16:44	--------	d-----w-	c:\programdata\Roxio
    2010-07-11 11:33 . 2007-07-27 16:38	--------	d-----w-	c:\program files\Common Files\Roxio Shared
    2010-07-10 21:57 . 2010-03-20 14:22	--------	d-----w-	c:\program files\AV Vcs 6.0 DIAMOND
    2010-07-10 21:15 . 2008-04-04 12:19	--------	d-----w-	c:\program files\Microsoft Silverlight
    2010-07-10 19:08 . 2010-07-10 19:08	--------	d-----w-	c:\program files\Microsoft.NET
    2010-07-08 13:21 . 2010-07-08 13:21	--------	d-----w-	c:\users\Administrator\AppData\Roaming\FastStone
    2010-06-26 06:05 . 2010-08-22 23:47	916480	----a-w-	c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-22 23:47	109056	----a-w-	c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-22 23:47	71680	----a-w-	c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-22 23:47	133632	----a-w-	c:\windows\system32\ieUnatt.exe
    2010-06-25 18:57 . 2008-02-13 15:02	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Apple Computer
    2010-06-25 18:55 . 2010-06-25 18:53	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-25 18:49 . 2010-06-25 18:48	--------	d-----w-	c:\program files\QuickTime
    2010-06-25 18:45 . 2009-08-12 00:00	--------	d-----w-	c:\program files\Apple Software Update
    2010-06-25 09:13 . 2009-08-12 13:41	--------	d-----w-	c:\program files\Bonjour
    2010-06-21 13:37 . 2010-08-22 23:47	2037760	----a-w-	c:\windows\system32\win32k.sys
    2010-06-18 17:31 . 2010-08-22 23:47	36864	----a-w-	c:\windows\system32\rtutils.dll
    2010-06-18 15:04 . 2010-08-22 23:47	302080	----a-w-	c:\windows\system32\drivers\srv.sys
    2010-06-18 15:04 . 2010-08-22 23:47	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
    2010-06-11 16:16 . 2010-08-22 23:47	274944	----a-w-	c:\windows\system32\schannel.dll
    2010-06-11 16:15 . 2010-08-22 23:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
    2010-05-26 17:06 . 2010-07-10 18:56	34304	----a-w-	c:\windows\system32\atmlib.dll
    2010-05-26 14:47 . 2010-07-10 18:56	289792	----a-w-	c:\windows\system32\atmfd.dll
    2010-05-25 23:40 . 2010-05-25 23:40	123144	----a-w-	c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    .
    
    ------- Sigcheck -------
    
    [-] 2009-04-11 . 84D74DBD2CBD623F41B7678A27B0F8AA . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2008-08-22 17:49	310328	----a-w-	c:\windows\System32\PGPfsshl.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SynTPEnh.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2008-3-28 1045800]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-06-08 16:04	49152	----a-w-	c:\windows\System32\DeviceNP.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=PGPmapih.dll
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages	REG_MULTI_SZ   	scecli PGPpwflt
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKLM\~\startupfolder\CCleaner.exe]
    path=CCleaner.exe
    backup=c:\windows\pss\CCleaner.exe.Startup
    backupExtension=.Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 11:40	218032	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    "VistaSp2"=hex(b):87,a1,0c,24,bc,19,ca,01
    
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [x]
    R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2005-02-22 15104]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
    R3 NDNdisprot;NetDetect NDIS Driver;c:\windows\system32\DRIVERS\ndndisprot.sys [2008-01-01 21504]
    R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 gupdate1ca168b3cb2a5e3;Google Update Service (gupdate1ca168b3cb2a5e3);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 133104]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-10-17 685816]
    S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2008-08-22 128568]
    S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-21 142592]
    S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-07-14 1872320]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
    bthsvcs	REG_MULTI_SZ   	BthServ
    LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
    .
    Inhalt des "geplante Tasks" Ordners
    
    2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 11:44]
    
    2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 11:44]
    
    2010-08-23 c:\windows\Tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://start.icq.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f2ao3cfs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    
    ---- FIREFOX Richtlinien ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
    
    
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-23 08:39
    Windows 6.0.6002 Service Pack 2 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,99,55,3d,09,7e,f9,46,ac,ca,0b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,e6,ea,75,95,d0,e6,40,8c,1e,a2,\
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0122Istanbul_Bosporus_trip4217200312101418\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\photoviewer.dll"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="3gp_auto_file"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Paint.Picture"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\photoviewer.dll"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\mplayerc6491.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\mplayerc6491.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OpenOffice.org.Rtf"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wgt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.Widget"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMVFile"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\NOTEPAD.EXE"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}*]
    "iahajioljmcloppjcl"=hex:6a,61,65,63,6b,6d,70,70,6a,6b,6f,6c,68,61,6b,6e,6b,69,
       6f,6f,00,08
    "hanaphjeohkoaiee"=hex:6a,61,65,63,6b,6d,70,70,6a,6b,6f,6c,68,61,6b,6e,6b,69,
       6f,6f,00,01
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8923014A-46E6-8B98-1CD9-1623C5A77CEE}*]
    "hanfgllpamcnhhgd"=hex:6a,61,6b,63,6a,6b,64,61,6d,64,68,66,6e,68,61,6c,6a,6f,
       70,67,00,03
    "iapgihbadbmlihojgn"=hex:6a,61,6b,63,6a,6b,64,61,6d,64,68,66,6e,68,61,6c,6a,6f,
       70,67,00,03
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32*]
    "kagolagpfbkoffmdpmjabl"=hex:62,61,67,6a,00,fc
    "jagogpodkogmhpijddca"=hex:63,61,62,6a,6d,70,00,00
    
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------
    
    - - - - - - - > 'Explorer.exe'(3208)
    c:\windows\system32\PGPfsshl.dll
    c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\AEADISRV.EXE
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\PGPserv.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\RacAgent.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2010-08-23  08:55:57 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2010-08-23 06:55
    
    Vor Suchlauf: 5.841.293.312 bytes free
    Nach Suchlauf: 7.252.275.200 bytes free
    
    - - End Of File - - E6521D539AE9F29CAEED3EF3031826EA

    Thanks for your effort so far.
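    The indicators a helper reads out of a log like the one above (the two files ComboFix reports as infected, the explorer.exe Sigcheck failure, the Security Center overrides, the ProxyServer entry pointing at 127.0.0.1, and the locked Shell Extensions/CLSID keys with random-looking value names) can be pulled out mechanically. The following Python triage script is an added example, not code from this thread or from ComboFix; it runs over a constructed excerpt in the log's layout, and the "letters a to p only" heuristic for the random value names is an assumption of mine, not a ComboFix rule.

```python
import re
from dataclasses import dataclass

# Constructed excerpt laid out like the ComboFix log in this thread
# (representative lines only, not the full log).
SAMPLE_LOG = r"""
c:\windows\explorer.exe . . . ist infiziert!!
c:\windows\System32\wininit.exe . . . ist infiziert!!
------- Sigcheck -------
[-] 2009-04-11 . 84D74DBD2CBD623F41B7678A27B0F8AA . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):87,a1,0c,24,bc,19,ca,01
------- Zusätzlicher Suchlauf -------
uInternet Settings,ProxyServer = http=127.0.0.1:6522
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
[HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}*]
"iahajioljmcloppjcl"=hex:6a,61,65,63,6b,6d,70,70,6a,6b,6f,6c,68,61,6b,6e,6b,69,
   6f,6f,00,08
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32*]
"kagolagpfbkoffmdpmjabl"=hex:62,61,67,6a,00,fc
"""

@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    category: str
    detail: str

SECTION_RE = re.compile(r"^[(\-]{3,}\s*(.+?)\s*[)\-]{3,}\s*$")   # "(((( Name ))))" / "--- Name ---"
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                          # "[HKEY_...]" registry key header
VALUE_RE = re.compile(r'^"([^"]+)"=(dword:[0-9a-fA-F]{8}|hex(?:\([^)]*\))?:[0-9a-fA-F,]*)$')
RANDOM_NAME_RE = re.compile(r"^[a-p]{12,}$")   # assumed heuristic: long names built only from a..p
SC_OVERRIDES = {"DisableMonitoring", "AntiVirusOverride", "AntiSpywareOverride"}

def decode_hex_data(data: str) -> bytes:
    """Turn ComboFix's 'hex:6a,61,...' rendering (one line of it) into bytes."""
    body = data.split(":", 1)[1].rstrip(",")
    return bytes(int(b, 16) for b in body.split(",") if b)

def parse_combofix_log(text: str) -> list[Finding]:
    """Walk the log line by line, tracking the current section and registry key."""
    findings: list[Finding] = []
    section, key = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1).lower(), ""   # new section: forget the current key
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)                        # a trailing '*' marks a locked key
            continue
        if line.endswith("ist infiziert!!"):        # ComboFix: system file is infected
            findings.append(Finding("high", "infected-system-file", line.split(" . . . ")[0]))
        elif section.startswith("sigcheck") and line.startswith("[-] "):
            findings.append(Finding("high", "failed-signature-check", line.rsplit(" . . ", 1)[-1]))
        elif "ProxyServer = " in line and "127.0.0.1" in line:   # traffic routed via a local proxy
            findings.append(Finding("high", "local-proxy-hijack", line))
        elif (m := VALUE_RE.match(line)) and key:
            name, data = m.groups()
            if "security center" in key.lower() and name in SC_OVERRIDES and data.endswith("00000001"):
                findings.append(Finding("medium", "security-center-suppressed", f"{key}\\{name}"))
            elif key.endswith("*") and RANDOM_NAME_RE.match(name):
                findings.append(Finding("medium", "locked-key-random-value",
                                        f"{key}\\{name} -> {decode_hex_data(data)!r}"))
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category for a quick triage overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts

if __name__ == "__main__":
    for f in parse_combofix_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:28} {f.detail}")
```

    Benign locked keys such as the FileExts\UserChoice entries produce no finding, while the three keys the helper's RegNull:: script names are flagged because their value names and decoded data are nothing but letters.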

  3. #23
    pc-jedi (Senior Team Member)
    Registered since: 17.07.2009
    Posts: 3,643

    Re: Trojan infection causes extreme system failure

    Step 1
    Preparation

    Delete the existing version of ComboFix and download the program again from one of the following download mirrors, and save it on the Desktop (nowhere else, this is important)!
    If you already had ComboFix on the computer before, delete the old version, since ComboFix is updated continuously.
    • Remember to temporarily switch off your antivirus program while ComboFix is running.
      Don't forget to switch it back on afterwards!
    • Important: Do not move the mouse over the ComboFix window or click inside it.
      This can cause ComboFix to hang.
    Usage
    1. Open Notepad (Start => Run => type notepad => OK) or an editor of your choice and copy everything from the code box below into an empty document:
      Code:
      TDL::
      C:\Windows\system32\drivers\ndis.sys
      MIA::
      c:\windows\explorer.exe
      c:\windows\System32\wininit.exe
      SRPeek::
      c:\windows\explorer.exe
      c:\windows\System32\wininit.exe
      RegNull::
      [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}*]
      [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8923014A-46E6-8B98-1CD9-1623C5A77CEE}*]
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32*]
    2. Save this as CFScript.txt on your Desktop.
    3. As shown in the picture above, drag CFScript.txt onto ComboFix.exe.
    4. When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
    Note for other readers: The ComboFix script above was created exclusively for this user in this situation.
    Never apply it on other computers; it can permanently damage other systems!

    If the script contains the directive Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.
    Last edited by pc-jedi (25.08.2010 at 06:30)
    Regards, pc-jedi


  4. #24
    Beginner
    Registered since
    16.08.2010
    Posts
    18

    Re: Trojan infection leads to extreme failure

    ComboFix log:
    Code:
    ComboFix 10-08-23.02 - Administrator 26.08.2010  13:22:23.1.1 - x86
    Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1033.18.1015.255 [GMT 2:00]
    ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
    Benutzte Befehlsschalter :: c:\users\Administrator\Desktop\CFScript.txt.txt
    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
    Kopie von - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe wurde wiederhergestellt 
    
    c:\windows\System32\wininit.exe . . . ist infiziert!!
    
    .
    (((((((((((((((((((((((   Dateien erstellt von 2010-07-26 bis 2010-08-26  ))))))))))))))))))))))))))))))
    .
    
    2010-08-26 11:46 . 2010-08-26 11:46	--------	d-----w-	c:\users\Public\AppData\Local\temp
    2010-08-26 11:46 . 2010-08-26 11:46	--------	d-----w-	c:\users\Guest\AppData\Local\temp
    2010-08-26 11:46 . 2010-08-26 11:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2010-08-22 23:56 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
    2010-08-22 23:48 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
    2010-08-22 23:48 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
    2010-08-22 23:48 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
    2010-08-22 23:44 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
    2010-08-21 20:58 . 2010-08-21 20:58	142592	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-08-21 20:58 . 2010-08-23 05:57	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Spyware Terminator
    2010-08-21 20:58 . 2010-08-21 22:47	--------	d-----w-	c:\programdata\Spyware Terminator
    2010-08-21 20:58 . 2010-08-21 23:11	--------	d-----w-	c:\program files\Spyware Terminator
    2010-08-18 03:14 . 2010-08-18 03:14	--------	d-----w-	c:\program files\Common Files\Java
    2010-08-18 03:14 . 2010-08-18 03:14	423656	----a-w-	c:\windows\system32\deployJava1.dll
    2010-08-17 11:06 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-17 11:06 . 2010-08-17 11:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2010-08-17 11:06 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
    2010-08-16 14:56 . 2010-08-16 18:22	785408	----a-w-	c:\windows\system32\drivers\ttbis.sys
    2010-08-16 14:56 . 2010-08-17 10:53	--------	d-----w-	c:\users\Administrator\AppData\Local\hhwousgfr
    2010-08-16 14:55 . 2010-08-16 14:55	--------	d-----w-	c:\users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    2010-08-06 17:33 . 2010-08-21 20:15	--------	d-----w-	c:\users\Administrator\AppData\Roaming\TV-Browser
    2010-08-03 17:06 . 2010-08-03 17:06	--------	d-----w-	c:\program files\iPod
    2010-07-27 19:54 . 2010-08-07 21:11	--------	d-----w-	c:\program files\The KMPlayer
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-26 11:15 . 2008-03-05 02:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\vlc
    2010-08-24 20:08 . 2010-07-25 20:29	--------	d-----w-	c:\programdata\Rosetta Stone
    2010-08-23 17:20 . 2009-09-06 19:40	--------	d-----w-	c:\program files\Ubisoft
    2010-08-23 02:30 . 2007-10-22 11:08	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Vso
    2010-08-22 23:51 . 2009-06-23 20:07	--------	d-----w-	c:\program files\Movie Maker 2.6
    2010-08-22 23:50 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2010-08-22 14:08 . 2009-01-28 19:53	--------	d-----w-	c:\program files\Opera
    2010-08-18 23:24 . 2007-10-17 13:50	--------	d-----w-	c:\program files\Common Files\Adobe
    2010-08-18 02:52 . 2010-01-04 20:38	--------	d-----w-	c:\program files\TrueCrypt
    2010-08-17 21:35 . 2007-10-17 00:50	107408	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-17 10:40 . 2010-06-27 11:24	680	----a-w-	c:\users\Administrator\AppData\Local\d3d9caps.dat
    2010-08-16 22:58 . 2007-10-17 14:00	--------	d-----w-	c:\programdata\FLEXnet
    2010-08-16 17:12 . 2010-01-12 08:59	--------	d-----w-	c:\program files\a-squared Free
    2010-08-16 04:20 . 2010-06-23 14:02	--------	d-----w-	c:\program files\LingoPad
    2010-08-12 20:14 . 2008-11-25 14:02	--------	d-----w-	c:\users\Administrator\AppData\Roaming\dvdcss
    2010-08-06 17:32 . 2008-06-26 15:26	--------	d-----w-	c:\program files\TV-Browser
    2010-08-03 17:16 . 2008-02-13 15:00	--------	d-----w-	c:\program files\iTunes
    2010-08-03 17:06 . 2008-02-13 14:51	--------	d-----w-	c:\program files\Common Files\Apple
    2010-07-25 20:29 . 2010-07-25 20:29	--------	d-----w-	c:\program files\Rosetta Stone
    2010-07-23 19:51 . 2010-07-23 19:51	136096	---ha-w-	c:\windows\system32\mlfcache.dat
    2010-07-21 14:03 . 2008-07-07 09:52	--------	d-----w-	c:\users\Administrator\AppData\Roaming\ICQ
    2010-07-21 14:02 . 2010-07-21 14:02	--------	d-----w-	c:\programdata\ICQ
    2010-07-21 14:02 . 2007-07-27 16:17	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2010-07-17 01:55 . 2008-05-11 20:29	895	----a-w-	c:\windows\eReg.dat
    2010-07-14 19:00 . 2007-10-17 16:31	--------	d-----w-	c:\program files\DAEMON Tools
    2010-07-11 11:33 . 2007-07-27 16:44	--------	d-----w-	c:\programdata\Roxio
    2010-07-11 11:33 . 2007-07-27 16:38	--------	d-----w-	c:\program files\Common Files\Roxio Shared
    2010-07-10 21:57 . 2010-03-20 14:22	--------	d-----w-	c:\program files\AV Vcs 6.0 DIAMOND
    2010-07-10 21:15 . 2008-04-04 12:19	--------	d-----w-	c:\program files\Microsoft Silverlight
    2010-07-10 19:08 . 2010-07-10 19:08	--------	d-----w-	c:\program files\Microsoft.NET
    2010-07-08 13:21 . 2010-07-08 13:21	--------	d-----w-	c:\users\Administrator\AppData\Roaming\FastStone
    2010-06-26 06:05 . 2010-08-22 23:47	916480	----a-w-	c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-22 23:47	109056	----a-w-	c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-22 23:47	71680	----a-w-	c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-22 23:47	133632	----a-w-	c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-22 23:47	2037760	----a-w-	c:\windows\system32\win32k.sys
    2010-06-18 17:31 . 2010-08-22 23:47	36864	----a-w-	c:\windows\system32\rtutils.dll
    2010-06-18 15:04 . 2010-08-22 23:47	302080	----a-w-	c:\windows\system32\drivers\srv.sys
    2010-06-18 15:04 . 2010-08-22 23:47	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
    2010-06-11 16:16 . 2010-08-22 23:47	274944	----a-w-	c:\windows\system32\schannel.dll
    2010-06-11 16:15 . 2010-08-22 23:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
    .
    
    ((((((((((((((((((((((((((((((((((((((((((   SR_Search   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ------- Sigcheck -------
    
    [-] 2009-04-11 . C7159FBC06FB1BC13F18A3AB3031052B . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
    
    [-] 2008-01-19 . C78A4971E281B69404F27014CE0781FA . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2008-08-22 17:49	310328	----a-w-	c:\windows\System32\PGPfsshl.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SynTPEnh.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2008-3-28 1045800]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-06-08 16:04	49152	----a-w-	c:\windows\System32\DeviceNP.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=PGPmapih.dll
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages	REG_MULTI_SZ   	scecli PGPpwflt
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKLM\~\startupfolder\CCleaner.exe]
    path=CCleaner.exe
    backup=c:\windows\pss\CCleaner.exe.Startup
    backupExtension=.Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 11:40	218032	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    "VistaSp2"=hex(b):87,a1,0c,24,bc,19,ca,01
    
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [x]
    R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2005-02-22 15104]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
    R3 NDNdisprot;NetDetect NDIS Driver;c:\windows\system32\DRIVERS\ndndisprot.sys [2008-01-01 21504]
    R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 gupdate1ca168b3cb2a5e3;Google Update Service (gupdate1ca168b3cb2a5e3);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 133104]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-10-17 685816]
    S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2008-08-22 128568]
    S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-21 142592]
    S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-07-14 1872320]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
    bthsvcs	REG_MULTI_SZ   	BthServ
    LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
    .
    Inhalt des "geplante Tasks" Ordners
    
    2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 11:44]
    
    2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 11:44]
    
    2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://start.icq.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f2ao3cfs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    
    ---- FIREFOX Richtlinien ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-26 14:14
    Windows 6.0.6002 Service Pack 2 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,99,55,3d,09,7e,f9,46,ac,ca,0b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,e6,ea,75,95,d0,e6,40,8c,1e,a2,\
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0122Istanbul_Bosporus_trip4217200312101418\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\photoviewer.dll"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="3gp_auto_file"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Paint.Picture"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\photoviewer.dll"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\mplayerc6491.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\mplayerc6491.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OpenOffice.org.Rtf"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wgt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.Widget"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMVFile"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\NOTEPAD.EXE"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}*]
    "iahajioljmcloppjcl"=hex:6a,61,65,63,6b,6d,70,70,6a,6b,6f,6c,68,61,6b,6e,6b,69,
       6f,6f,00,08
    "hanaphjeohkoaiee"=hex:6a,61,65,63,6b,6d,70,70,6a,6b,6f,6c,68,61,6b,6e,6b,69,
       6f,6f,00,01
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8923014A-46E6-8B98-1CD9-1623C5A77CEE}*]
    "hanfgllpamcnhhgd"=hex:6a,61,6b,63,6a,6b,64,61,6d,64,68,66,6e,68,61,6c,6a,6f,
       70,67,00,03
    "iapgihbadbmlihojgn"=hex:6a,61,6b,63,6a,6b,64,61,6d,64,68,66,6e,68,61,6c,6a,6f,
       70,67,00,03
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32*]
    "kagolagpfbkoffmdpmjabl"=hex:62,61,67,6a,00,fc
    "jagogpodkogmhpijddca"=hex:63,61,62,6a,6d,70,00,00
    
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------
    
    - - - - - - - > 'Explorer.exe'(2980)
    c:\windows\system32\PGPfsshl.dll
    c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\AEADISRV.EXE
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\PGPserv.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\RacAgent.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2010-08-26  14:28:54 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2010-08-26 12:28
    
    Vor Suchlauf: 11.584.094.208 bytes free
    Nach Suchlauf: 11.632.943.104 bytes free
    
    - - End Of File - - 5D61FD14A408E2B50F2A140EB640CBE7

  5. #25
    Senior Team Member, avatar of pc-jedi
    Registered since
    17.07.2009
    Posts
    3,643
    Hi

    You saved the ComboFix script as CFScript.txt.txt, but it must be named CFScript.txt.
    Remove one .txt and save it. Then drag it onto ComboFix.exe again.

    Edit 30.08.2010

    No response

    Are there problems working through the instructions above, and if so, which? If I do not hear back from you within five days, I will assume that you no longer wish to continue and will close this thread without comment so that capacity is freed up for other waiting users.

    Note: The disappearance of the symptoms does not mean that your computer is already clean.
    Last edited by Petra (06.09.2010 at 20:20) Reason: posts merged
    Regards, pc-jedi


  6. #26
    Beginner
    Registered since
    16.08.2010
    Posts
    18

    Re: Trojan infection leads to extreme failure

    Here is the latest ComboFix log, run with the correct text file. Sorry for the delay.

    When ComboFix restarts after the scan, it gets stuck on the logoff screen. I then have to shut the notebook down manually and restart it.

    Code:
    ComboFix 10-08-30.02 - Administrator 31.08.2010  14:14:33.1.1 - x86
    Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1033.18.1015.304 [GMT 2:00]
    ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
    Benutzte Befehlsschalter :: c:\users\Administrator\Desktop\CFScript.txt
    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    ((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert 
    Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe wurde wiederhergestellt 
    
    Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
    Kopie von - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe wurde wiederhergestellt 
    
    Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert 
    Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe wurde wiederhergestellt
    Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
    Kopie von - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe wurde wiederhergestellt
    .
    (((((((((((((((((((((((   Dateien erstellt von 2010-07-28 bis 2010-08-31  ))))))))))))))))))))))))))))))
    .
    
    2010-08-31 12:36 . 2010-08-31 12:36	--------	d-----w-	c:\users\Public\AppData\Local\temp
    2010-08-31 12:36 . 2010-08-31 12:36	--------	d-----w-	c:\users\Guest\AppData\Local\temp
    2010-08-31 12:36 . 2010-08-31 12:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2010-08-22 23:56 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
    2010-08-22 23:48 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
    2010-08-22 23:48 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
    2010-08-22 23:48 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
    2010-08-22 23:44 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
    2010-08-21 20:58 . 2010-08-21 20:58	142592	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-08-21 20:58 . 2010-08-23 05:57	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Spyware Terminator
    2010-08-21 20:58 . 2010-08-21 22:47	--------	d-----w-	c:\programdata\Spyware Terminator
    2010-08-21 20:58 . 2010-08-21 23:11	--------	d-----w-	c:\program files\Spyware Terminator
    2010-08-18 03:14 . 2010-08-18 03:14	--------	d-----w-	c:\program files\Common Files\Java
    2010-08-18 03:14 . 2010-08-18 03:14	423656	----a-w-	c:\windows\system32\deployJava1.dll
    2010-08-17 11:06 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-17 11:06 . 2010-08-17 11:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2010-08-17 11:06 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
    2010-08-16 14:56 . 2010-08-16 18:22	785408	----a-w-	c:\windows\system32\drivers\ttbis.sys
    2010-08-16 14:56 . 2010-08-17 10:53	--------	d-----w-	c:\users\Administrator\AppData\Local\hhwousgfr
    2010-08-16 14:55 . 2010-08-16 14:55	--------	d-----w-	c:\users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    2010-08-06 17:33 . 2010-08-28 21:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\TV-Browser
    2010-08-03 17:06 . 2010-08-03 17:06	--------	d-----w-	c:\program files\iPod
    
    .
    ((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-31 11:59 . 2008-03-05 02:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\vlc
    2010-08-30 03:27 . 2007-10-22 11:08	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Vso
    2010-08-29 12:52 . 2009-01-26 18:14	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Any Video Converter Professional
    2010-08-24 20:08 . 2010-07-25 20:29	--------	d-----w-	c:\programdata\Rosetta Stone
    2010-08-23 17:20 . 2009-09-06 19:40	--------	d-----w-	c:\program files\Ubisoft
    2010-08-22 23:51 . 2009-06-23 20:07	--------	d-----w-	c:\program files\Movie Maker 2.6
    2010-08-22 23:50 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
    2010-08-22 14:08 . 2009-01-28 19:53	--------	d-----w-	c:\program files\Opera
    2010-08-18 23:24 . 2007-10-17 13:50	--------	d-----w-	c:\program files\Common Files\Adobe
    2010-08-18 02:52 . 2010-01-04 20:38	--------	d-----w-	c:\program files\TrueCrypt
    2010-08-17 21:35 . 2007-10-17 00:50	107408	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-17 10:40 . 2010-06-27 11:24	680	----a-w-	c:\users\Administrator\AppData\Local\d3d9caps.dat
    2010-08-16 22:58 . 2007-10-17 14:00	--------	d-----w-	c:\programdata\FLEXnet
    2010-08-16 17:12 . 2010-01-12 08:59	--------	d-----w-	c:\program files\a-squared Free
    2010-08-16 04:20 . 2010-06-23 14:02	--------	d-----w-	c:\program files\LingoPad
    2010-08-12 20:14 . 2008-11-25 14:02	--------	d-----w-	c:\users\Administrator\AppData\Roaming\dvdcss
    2010-08-07 21:11 . 2010-07-27 19:54	--------	d-----w-	c:\program files\The KMPlayer
    2010-08-06 17:32 . 2008-06-26 15:26	--------	d-----w-	c:\program files\TV-Browser
    2010-08-03 17:16 . 2008-02-13 15:00	--------	d-----w-	c:\program files\iTunes
    2010-08-03 17:06 . 2008-02-13 14:51	--------	d-----w-	c:\program files\Common Files\Apple
    2010-07-25 20:29 . 2010-07-25 20:29	--------	d-----w-	c:\program files\Rosetta Stone
    2010-07-23 19:51 . 2010-07-23 19:51	136096	---ha-w-	c:\windows\system32\mlfcache.dat
    2010-07-21 14:03 . 2008-07-07 09:52	--------	d-----w-	c:\users\Administrator\AppData\Roaming\ICQ
    2010-07-21 14:02 . 2010-07-21 14:02	--------	d-----w-	c:\programdata\ICQ
    2010-07-21 14:02 . 2007-07-27 16:17	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2010-07-17 01:55 . 2008-05-11 20:29	895	----a-w-	c:\windows\eReg.dat
    2010-07-14 19:00 . 2007-10-17 16:31	--------	d-----w-	c:\program files\DAEMON Tools
    2010-07-11 11:33 . 2007-07-27 16:44	--------	d-----w-	c:\programdata\Roxio
    2010-07-11 11:33 . 2007-07-27 16:38	--------	d-----w-	c:\program files\Common Files\Roxio Shared
    2010-07-10 21:57 . 2010-03-20 14:22	--------	d-----w-	c:\program files\AV Vcs 6.0 DIAMOND
    2010-07-10 21:15 . 2008-04-04 12:19	--------	d-----w-	c:\program files\Microsoft Silverlight
    2010-07-10 19:08 . 2010-07-10 19:08	--------	d-----w-	c:\program files\Microsoft.NET
    2010-07-08 13:21 . 2010-07-08 13:21	--------	d-----w-	c:\users\Administrator\AppData\Roaming\FastStone
    2010-06-26 06:05 . 2010-08-22 23:47	916480	----a-w-	c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-22 23:47	109056	----a-w-	c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-22 23:47	71680	----a-w-	c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-22 23:47	133632	----a-w-	c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-22 23:47	2037760	----a-w-	c:\windows\system32\win32k.sys
    2010-06-18 17:31 . 2010-08-22 23:47	36864	----a-w-	c:\windows\system32\rtutils.dll
    2010-06-18 15:04 . 2010-08-22 23:47	302080	----a-w-	c:\windows\system32\drivers\srv.sys
    2010-06-18 15:04 . 2010-08-22 23:47	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
    2010-06-11 16:16 . 2010-08-22 23:47	274944	----a-w-	c:\windows\system32\schannel.dll
    2010-06-11 16:15 . 2010-08-22 23:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
    .
    
    ((((((((((((((((((((((((((((((((((((((((((   SR_Search   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
    @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
    [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
    2008-08-22 17:49	310328	----a-w-	c:\windows\System32\PGPfsshl.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SynTPEnh.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2008-3-28 1045800]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-06-08 16:04	49152	----a-w-	c:\windows\System32\DeviceNP.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=PGPmapih.dll
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages	REG_MULTI_SZ   	scecli PGPpwflt
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKLM\~\startupfolder\CCleaner.exe]
    path=CCleaner.exe
    backup=c:\windows\pss\CCleaner.exe.Startup
    backupExtension=.Startup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 11:40	218032	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    "VistaSp2"=hex(b):87,a1,0c,24,bc,19,ca,01
    
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [x]
    R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2005-02-22 15104]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
    R3 NDNdisprot;NetDetect NDIS Driver;c:\windows\system32\DRIVERS\ndndisprot.sys [2008-01-01 21504]
    R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 gupdate1ca168b3cb2a5e3;Google Update Service (gupdate1ca168b3cb2a5e3);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 133104]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-10-17 685816]
    S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [2008-08-22 128568]
    S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-08-21 142592]
    S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-07-14 1872320]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
    bthsvcs	REG_MULTI_SZ   	BthServ
    LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
    .
    Inhalt des "geplante Tasks" Ordners
    
    2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 11:44]
    
    2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 11:44]
    
    2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://start.icq.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    LSP: c:\windows\system32\PGPlsp.dll
    DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f2ao3cfs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    
    ---- FIREFOX Richtlinien ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-31 16:35
    Windows 6.0.6002 Service Pack 2 NTFS
    
    Scanne versteckte Prozesse... 
    
    Scanne versteckte Autostarteinträge... 
    
    Scanne versteckte Dateien... 
    
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,99,55,3d,09,7e,f9,46,ac,ca,0b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,e6,ea,75,95,d0,e6,40,8c,1e,a2,\
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0122Istanbul_Bosporus_trip4217200312101418\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\photoviewer.dll"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="3gp_auto_file"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Paint.Picture"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\photoviewer.dll"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\mplayerc6491.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\mplayerc6491.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="OpenOffice.org.Rtf"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wgt\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.Widget"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMVFile"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Opera.HTML"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\NOTEPAD.EXE"
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28FAB9E2-8056-C399-CA16-FD317BB72F73}*]
    "iahajioljmcloppjcl"=hex:6a,61,65,63,6b,6d,70,70,6a,6b,6f,6c,68,61,6b,6e,6b,69,
       6f,6f,00,08
    "hanaphjeohkoaiee"=hex:6a,61,65,63,6b,6d,70,70,6a,6b,6f,6c,68,61,6b,6e,6b,69,
       6f,6f,00,01
    
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8923014A-46E6-8B98-1CD9-1623C5A77CEE}*]
    "hanfgllpamcnhhgd"=hex:6a,61,6b,63,6a,6b,64,61,6d,64,68,66,6e,68,61,6c,6a,6f,
       70,67,00,03
    "iapgihbadbmlihojgn"=hex:6a,61,6b,63,6a,6b,64,61,6d,64,68,66,6e,68,61,6c,6a,6f,
       70,67,00,03
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2DE89BFF-E132-853A-E20D-320167E63033}\InProcServer32*]
    "kagolagpfbkoffmdpmjabl"=hex:62,61,67,6a,00,fc
    "jagogpodkogmhpijddca"=hex:63,61,62,6a,6d,70,00,00
    
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------
    
    - - - - - - - > 'Explorer.exe'(3456)
    c:\windows\system32\PGPfsshl.dll
    c:\program files\PGP Corporation\PGP Desktop\PGPwipe.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\AEADISRV.EXE
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\PGPserv.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\system32\conime.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2010-08-31  16:49:14 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt  2010-08-31 14:49
    
    Vor Suchlauf: 9.134.841.856 bytes free
    Nach Suchlauf: 9.963.982.848 bytes free
    
    - - End Of File - - FA2B51E16F29F9C5A3222965AAC8F8DD

  7. #27
    pc-jedi (Senior team member, registered 17.07.2009, 3,643 posts)

    Re: Trojan infection leads to extreme failure

    Hi

    First of all, a fresh OTL logfile:
    Step 1
    System scan with OTL

    Please download OTL by OldTimer and save it to your desktop.
    • Double-click OTL.exe
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • At the top you will find a box labelled Output.
      Please select Minimal Output
    • Tick Scan all users.
    • Under Extra Registry, please select Use SafeList.
    • Tick LOP check and Purity check.
    • Now click Run Scan at the top left.


    • When the scan has finished, two logfiles are created.
      You will find the logfiles on your desktop => OTL.txt and Extras.txt
    • Post the logfiles in code tags here in the thread.

    Step 2
    Have you noticed any improvement?
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.

  8. #28
    Einsteiger (registered 16.08.2010, 18 posts)

    Re: Trojan infection leads to extreme failure

    The system is now running largely normally. However, Malwarebytes frequently reports in the background that access to certain IP addresses was successfully blocked, even when I am not using the internet at all.

    Otherwise no error messages appear and Windows no longer crashes. And for that I cannot thank you enough!

    OTL.txt
    Code:
    OTL logfile created on: 01.09.2010 19:07:28 - Run 3
    OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
     
    1.015,00 Mb Total Physical Memory | 177,00 Mb Available Physical Memory | 17,00% Memory free
    2,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 101,45 Gb Total Space | 5,85 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
    Drive F: | 6,88 Gb Total Space | 0,68 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 1,90 Gb Total Space | 0,58 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded
     
    Computer Name: 5THDIVISION
    Current User Name: Administrator
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
    PRC - C:\Program Files\Opera\opera.exe (Opera Software)
    PRC - C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\PGPserv.exe (PGP Corporation)
    PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (HDD & SSD access service) -- C:\Program Files\Common Files\BinarySense\disksvc.exe File not found
    SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
    SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
    SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (PGPserv) -- C:\WINDOWS\System32\PGPserv.exe (PGP Corporation)
    SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (FLCDLOCK) -- C:\WINDOWS\System32\flcdlock.exe (Hewlett-Packard Ltd)
    SRV - (AEADIFilters) -- C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
    DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
    DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IPSECSHM) -- C:\Windows\System32\DRIVERS\ipsecw2k.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys File not found
    DRV - (sp_rsdrv2) -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ()
    DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (taphss) -- C:\WINDOWS\System32\drivers\taphss.sys (AnchorFree Inc)
    DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (BCM43XX) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (PGPdisk) -- C:\Windows\System32\drivers\PGPdisk.sys (PGP Corporation)
    DRV - (PGPsdkDriver) -- C:\WINDOWS\System32\drivers\PGPsdk.sys (PGP Corporation)
    DRV - (PGPwded) -- C:\Windows\System32\drivers\PGPwded.sys (PGP Corporation)
    DRV - (pgpfs) -- C:\Windows\System32\Drivers\PGPfsfd.sys (PGP Corporation)
    DRV - (ADIHdAudAddService) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
    DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (tapvpn) -- C:\WINDOWS\System32\drivers\tapvpn.sys (The OpenVPN Project)
    DRV - (NDNdisprot) -- C:\WINDOWS\System32\drivers\NDNdisprot.sys (Windows (R) 2000 DDK provider)
    DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (AVIRA GmbH)
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (DAMDrv) -- C:\WINDOWS\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\WINDOWS\System32\drivers\af15bda.sys (AfaTech                  )
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (b57nd60x) -- C:\WINDOWS\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
    DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (rockusb) -- C:\WINDOWS\System32\drivers\rockusb.sys (Fuzhou Rockchip Electronics Co,Ltd.)
    DRV - (AVMUNET) -- C:\WINDOWS\System32\drivers\avmunet.sys (AVM GmbH)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
     
     
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-420206636-805589922-3808772611-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    IE - HKU\S-1-5-21-420206636-805589922-3808772611-500\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-420206636-805589922-3808772611-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
    FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8a6
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
    FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.5
    FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
    FF - prefs.js..network.proxy.type: 0
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.22 20:22:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.22 20:22:56 | 000,000,000 | ---D | M]
     
    [2010.07.26 14:39:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2010.08.27 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions
    [2010.08.27 21:51:07 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
    [2010.07.26 15:33:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010.07.26 14:42:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010.07.29 19:29:04 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010.08.17 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\facepad@lazyrussian.com
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\firegestures@xuldev.org
    [2010.07.26 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\isreaditlater@ideashower.com
    [2010.08.14 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\f2ao3cfs.default\extensions\tineye@ideeinc.com
    [2010.08.22 20:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010.08.18 05:14:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2010.08.31 16:35:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
    O3 - HKU\S-1-5-21-420206636-805589922-3808772611-500\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eigene Dateien - Shortcut.lnk = C:\Users\Administrator\Desktop\Eigene Dateien [2010.09.01 19:06:40 | 000,000,000 | ---D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-420206636-805589922-3808772611-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-420206636-805589922-3808772611-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-420206636-805589922-3808772611-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-420206636-805589922-3808772611-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-420206636-805589922-3808772611-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\PGPlsp.dll (PGP Corporation)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-420206636-805589922-3808772611-500\..Trusted Domains: fritz.box ([]* in Local intranet)
    O15 - HKU\S-1-5-21-420206636-805589922-3808772611-500\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-420206636-805589922-3808772611-500\..Trusted Ranges: Range2 ([*] in Local intranet)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://mywebcast.cc/tvants/tvants.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O20 - AppInit_DLLs: (PGPmapih.dll) - C:\Windows\System32\PGPmapih.dll (PGP Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.09.01 17:18:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010.08.31 16:35:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010.08.31 14:36:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010.08.31 14:11:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010.08.31 14:11:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010.08.31 14:11:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010.08.31 14:11:05 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010.08.31 14:10:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010.08.26 13:17:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010.08.23 01:56:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
    [2010.08.23 01:48:23 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010.08.23 01:48:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010.08.23 01:48:17 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010.08.23 01:47:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010.08.23 01:47:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010.08.23 01:47:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010.08.23 01:47:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010.08.23 01:47:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010.08.23 01:47:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010.08.23 01:47:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010.08.23 01:47:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010.08.23 01:47:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010.08.23 01:47:48 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010.08.23 01:47:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010.08.23 01:47:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010.08.23 01:47:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010.08.23 01:47:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010.08.23 01:47:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010.08.23 01:47:41 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010.08.23 01:47:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010.08.21 22:58:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Spyware Terminator
    [2010.08.21 22:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
    [2010.08.21 22:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
    [2010.08.18 18:12:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010.08.18 05:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010.08.18 05:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010.08.18 05:14:23 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2010.08.18 05:14:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010.08.18 05:14:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010.08.18 05:14:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010.08.17 13:06:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.08.17 13:06:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010.08.17 13:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010.08.17 13:05:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Administrator\Desktop\mbam-setup-1.46.exe
    [2010.08.16 16:56:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\hhwousgfr
    [2010.08.16 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    [2010.08.06 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TV-Browser
    [2010.08.03 19:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.09.01 19:10:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
    [2010.09.01 19:08:34 | 007,340,032 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
    [2010.09.01 19:03:08 | 000,185,856 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.09.01 18:19:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.09.01 17:18:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010.09.01 17:13:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.09.01 17:13:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.09.01 17:13:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.09.01 17:13:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.09.01 17:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.09.01 17:13:00 | 1064,624,128 | -HS- | M] () -- C:\hiberfil.sys
    [2010.09.01 12:04:25 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
    [2010.09.01 12:04:25 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
    [2010.09.01 12:04:21 | 001,972,004 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
    [2010.09.01 07:10:34 | 000,002,215 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010.08.31 16:35:53 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010.08.31 16:35:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010.08.31 11:24:40 | 003,829,532 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2010.08.29 14:53:55 | 005,828,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.08.29 14:53:52 | 005,126,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.08.29 14:53:49 | 000,005,940 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.08.23 04:51:22 | 002,334,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010.08.22 20:23:00 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010.08.22 16:08:51 | 000,000,698 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010.08.22 16:08:51 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010.08.21 22:59:14 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
    [2010.08.21 22:58:37 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
    [2010.08.21 22:14:52 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010.08.18 05:14:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2010.08.18 05:14:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010.08.18 05:14:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010.08.18 05:14:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010.08.17 23:35:14 | 000,107,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010.08.17 19:36:22 | 173,438,804 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010.08.17 13:06:20 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.08.17 12:40:03 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
    [2010.08.17 12:37:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Administrator\Desktop\mbam-setup-1.46.exe
    [2010.08.16 20:22:17 | 000,785,408 | ---- | M] () -- C:\Windows\System32\drivers\ttbis.sys
    [2010.08.16 20:21:06 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
    [2010.08.06 19:32:54 | 000,001,661 | ---- | M] () -- C:\Users\Public\Desktop\TV-Browser.lnk
    [2010.08.03 19:34:51 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
     
    ========== Files Created - No Company Name ==========
     
    [2010.08.31 14:11:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010.08.31 14:11:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010.08.31 14:11:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010.08.31 14:11:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010.08.31 14:11:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010.08.31 11:24:24 | 003,829,532 | R--- | C] () -- C:\Users\Administrator\Desktop\ComboFix.exe
    [2010.08.22 20:23:00 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010.08.22 16:08:51 | 000,000,698 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010.08.22 16:08:51 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010.08.21 22:59:14 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
    [2010.08.21 22:58:37 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
    [2010.08.19 01:25:12 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010.08.17 20:51:11 | 1064,624,128 | -HS- | C] () -- C:\hiberfil.sys
    [2010.08.17 13:06:20 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.08.16 20:20:05 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
    [2010.08.16 16:56:50 | 000,785,408 | ---- | C] () -- C:\Windows\System32\drivers\ttbis.sys
    [2010.08.06 19:32:54 | 000,001,661 | ---- | C] () -- C:\Users\Public\Desktop\TV-Browser.lnk
    [2010.08.03 21:28:47 | 000,002,215 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010.08.03 19:16:49 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010.06.27 13:24:20 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
    [2009.09.08 22:12:17 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2009.08.12 18:17:57 | 000,000,040 | ---- | C] () -- C:\Users\Administrator\AppData\Local\73648-88365-27475-00IP7-22847
    [2009.08.10 14:39:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.04.27 15:57:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.03.31 20:24:35 | 000,000,080 | ---- | C] () -- C:\Windows\winDecrypt.INI
    [2009.03.20 04:45:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
    [2008.08.31 18:38:40 | 000,000,115 | ---- | C] () -- C:\Windows\MXSkypeRecorder.INI
    [2008.08.22 19:48:58 | 000,000,280 | ---- | C] () -- C:\Windows\System32\PGPsdk.dll.sig
    [2008.05.31 23:16:06 | 000,000,147 | ---- | C] () -- C:\Windows\ae_mini.INI
    [2008.05.31 23:13:55 | 000,000,230 | ---- | C] () -- C:\Windows\asr.INI
    [2008.04.26 18:18:25 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2008.04.16 05:38:09 | 000,000,077 | ---- | C] () -- C:\Windows\System32\winitn.dll
    [2008.04.16 05:37:53 | 000,000,001 | ---- | C] () -- C:\Windows\sslzdlt.dll
    [2008.02.05 14:18:21 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2008.01.30 16:10:46 | 000,274,432 | ---- | C] () -- C:\Windows\System32\libcurl.dll
    [2007.12.22 21:42:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
    [2007.12.09 20:42:28 | 000,000,184 | ---- | C] () -- C:\Windows\game.ini
    [2007.10.31 09:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2007.10.30 13:38:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2007.10.29 17:32:54 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2007.10.29 17:17:11 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
    [2007.10.23 18:13:37 | 000,000,019 | ---- | C] () -- C:\Windows\retrieve.ini
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\QSwitch.txt
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DSwitch.txt
    [2007.10.17 02:50:41 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\AtStart.txt
    [2007.10.17 02:47:50 | 000,021,849 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
    [2007.10.17 02:37:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2007.10.17 02:37:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2007.10.17 02:37:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2007.10.17 02:37:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2007.10.17 02:37:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2007.10.17 02:37:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007.10.16 22:22:37 | 000,185,856 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007.09.13 23:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
    [2007.09.13 23:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007.09.13 23:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007.07.29 23:51:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2007.06.08 18:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
    [2007.06.07 04:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll
    [2007.06.07 03:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007.05.17 13:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
    [2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.03.09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006.02.25 20:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
     
    ========== LOP Check ==========
     
    [2008.07.02 22:45:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.doos
    [2010.08.16 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\146B927A0BC2AF5D5B1D4D21F7F9CD1B
    [2009.01.26 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Any Video Converter
    [2010.08.29 14:52:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Any Video Converter Professional
    [2008.05.31 22:34:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cool Record Edit Deluxe
    [2009.09.08 09:15:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\eBookPro6
    [2007.11.02 02:41:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FRITZ!
    [2009.09.06 22:06:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gearbox Software
    [2008.09.21 05:45:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gena01
    [2010.05.05 22:34:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HDRsoft
    [2010.07.21 16:03:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
    [2007.10.17 07:56:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQLite
    [2009.02.17 06:58:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JAM Software
    [2009.01.15 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
    [2010.06.23 16:02:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lingo4u
    [2008.10.07 17:43:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Livestation
    [2008.08.11 19:03:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mp3 Audio Editor
    [2009.08.15 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
    [2010.05.26 12:26:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
    [2009.01.28 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
    [2009.03.26 16:39:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PGP Corporation
    [2008.02.24 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\putzi4win
    [2007.10.17 15:04:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SampleView
    [2007.12.22 21:45:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
    [2010.08.23 07:57:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spyware Terminator
    [2009.09.06 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
    [2008.05.31 21:54:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sytexis Software
    [2010.05.30 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TerraTec
    [2010.03.23 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TrueCrypt
    [2010.08.28 23:32:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TV-Browser
    [2008.02.04 22:36:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSoft
    [2010.08.30 05:27:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
    [2008.08.16 23:14:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Web-Recherche
    [2008.02.04 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WNR
    [2010.05.26 01:31:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
    [2010.09.01 12:04:37 | 000,032,600 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
    [2010.09.01 19:10:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BD4BC8F0-18E3-4538-A5AC-6027C0DDD2E0}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13
    @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:C4252FE0
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6900017D
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:0E08FC17
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
    < End of report >
    Extras.txt
    Code:
    OTL Extras logfile created on: 01.09.2010 19:07:28 - Run 3
    OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Administrator\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
     
    1.015,00 Mb Total Physical Memory | 177,00 Mb Available Physical Memory | 17,00% Memory free
    2,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 101,45 Gb Total Space | 5,85 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,23% Space Free | Partition Type: NTFS
    Drive F: | 6,88 Gb Total Space | 0,68 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 1,90 Gb Total Space | 0,58 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded
     
    Computer Name: 5THDIVISION
    Current User Name: Administrator
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 1
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4061}" = lport=7755 | protocol=6 | dir=in | name=spport | 
    "{28ADEDE1-A4D5-42D8-9B05-BF7C283C4062}" = lport=7755 | protocol=6 | dir=out | name=spport | 
    "{4B80EF81-5BCB-4099-8D05-B712BE27FA89}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
    "{6DB865FD-D8F9-4ECF-BBE9-B04A300399F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{79C7DACE-31A4-426E-BD52-2A4FA7ED19EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{8AECC37F-F123-40ED-8E72-92DA53B2BA8F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
    "{91B5AABE-10C3-43D9-AB54-FB04279F7057}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{930DB663-AF8D-408B-92D2-E6524EA6FDAE}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{A67F92BD-9968-4938-85FA-37553981F262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{B80C16F3-E24D-4C56-BC2C-FE43AF414EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01672948-D552-4273-AED9-E89CF27E7888}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
    "{04AD6EA0-A2AB-42D9-B85A-04A7548783B0}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
    "{078BC69C-37C0-4068-889B-E972AF26A583}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsbcbb.tmp\symnrt.exe | 
    "{116D38B4-BE1A-41E8-8BBE-63DC7BE268D7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | 
    "{135D2F78-EB2A-4BF1-8777-DCC4A0B1B5F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{14261476-F859-4F34-A192-A2678CB6EAD8}" = protocol=17 | dir=in | app=c:\program files\opera2\opera.exe | 
    "{1DABCF28-241A-4F9C-B2F8-93908B90CF25}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsc1e9.tmp\symnrt.exe | 
    "{1EA5C4AD-DDB3-490F-B58E-DB4D72B72F5F}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsc1e9.tmp\symnrt.exe | 
    "{1FF57C9D-3897-4E6A-9F2A-C6ECF946CCDD}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
    "{23CC21A7-2AE7-4312-A0D2-6544535DF7DC}" = protocol=17 | dir=in | app=c:\program files\nortel networks\extranet.exe | 
    "{26A25C19-1101-4347-94D1-B31233DF7C50}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
    "{2C046DA5-2ED4-4308-95FB-D69EB0BE96C8}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
    "{2F38D468-2140-4705-9647-5280B8C1B02A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
    "{4856ED74-57C6-4917-83D4-465F71226502}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{4907006D-4305-4E8B-9830-55DEFB024098}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
    "{4C40CC91-6622-426E-957B-9F2E2F6F9A51}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
    "{4F4093E4-AD87-42BA-87B8-6D19346D5CEB}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "{52EDBEEC-19B6-47DE-9C04-135153884983}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
    "{54F5D2B2-2461-4C77-852E-185674B22CF2}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsb8f8.tmp\symnrt.exe | 
    "{5558EB74-4D29-4772-9A24-99FFFB98C579}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\support\bin\win\rosettastoneltdservices.exe | 
    "{5703A185-B927-4D8A-8089-480EB83FE110}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{5D3110B0-03D6-476D-A2C2-0A40294A5D8C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
    "{5D701362-2A7B-4918-81A4-4AE6DDEE2D6E}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
    "{637C4ADB-1FD0-4667-85C0-B92A6FEFD7F7}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsb8f8.tmp\symnrt.exe | 
    "{654BA3B2-B7D1-49ED-B5CD-20A7B768B2C2}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
    "{6DC84B11-4626-4EAD-890B-2425F278BADC}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{6EF17E5D-9C32-42D2-8AAD-A153C5154FBE}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
    "{72BBAD8D-1C13-4B86-AAB4-4711B6DEF0A4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
    "{760F001A-A921-427E-A699-3EB6B0B75770}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{84EEE2EB-CCB6-471B-A59C-F99FBF9BC2B4}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{89447EEA-3012-4458-8BA3-6243B7AFC8D7}" = protocol=6 | dir=in | app=c:\program files\nortel networks\extranet.exe | 
    "{98BAF6AF-61B6-47E5-A0A7-1DA4E3E27787}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{9EF0E1CF-E600-4927-A7BF-578AF4B4B579}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
    "{9F1F2EEC-E5D1-41BF-9392-8F9F5D0145E8}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\channeleditor\cinergydvrchanneleditor.exe | 
    "{9FDB44F6-73A5-4B6A-8794-EFD56C1C275A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{AB16A782-21DC-40BB-8B9B-E13472D5C398}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe | 
    "{AC7F8311-3E74-46E9-9FF6-E5712F36D71A}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
    "{AF8A7409-1243-4423-A5F4-989855B35A43}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
    "{B652A4FE-8C60-40C1-83FE-29C10B149AE2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |  
    "{CA5D4B33-F18E-48BD-A311-525A5649B2E0}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\7zsbcbb.tmp\symnrt.exe | 
    "{CAF1E927-D9BE-44B0-92C5-E8D093FFE02C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
    "{D1ED9A39-4C9A-4D00-A441-42CA86C7A90F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{D51541CF-6954-4C08-9979-FCEBBC8070EA}" = protocol=6 | dir=in | app=c:\program files\opera2\opera.exe | 
    "{D6F1C8EC-FBF2-4EE4-AEDA-87A899E01819}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | 
    "{E457D6D7-6209-4EB1-A090-3DEBFA486E26}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{EB64D66D-2E67-4262-9DDB-F54FB9BE7010}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
    "{EC012FFC-5C4A-477F-B4CD-C6F302110E7D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "{EFBD88EA-6691-448F-982B-3BEE4CC55866}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | 
    "{F1900A91-57B5-40F0-BBCF-61351B4D3DE9}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "{FB1EF48B-4837-4A90-90EC-482FC83A4EDE}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
    "{FED33A82-A507-452E-B59C-D80A26CD7749}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
    "TCP Query User{02E1653D-1D89-4246-9962-6444F1E4FAEC}C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe | 
    "TCP Query User{05438640-91AD-4C73-83AC-1A4BD232DA0A}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
    "TCP Query User{09050517-7C12-4B49-AA0A-9D5835111A75}C:\program files\adventnet\me\wifimanager\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\java.exe | 
    "TCP Query User{0C2FD8E4-1F26-4E90-BC3A-1A4FE6C5C261}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=6 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
    "TCP Query User{15303ACB-CCF3-4592-84DB-FA0C1A35EF4E}C:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe | 
    "TCP Query User{1CF5E7EE-048B-48C9-8C8F-1CBEC1FED375}C:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe | 
    "TCP Query User{1E006593-E637-4B2E-9BCA-507BA2DD81B8}C:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe | 
    "TCP Query User{28072226-F10F-45CE-8287-0612C73FA899}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
    "TCP Query User{30CF8EAF-FEDC-4536-9CF9-E3B0FDD42F29}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
    "TCP Query User{4CCD0BF3-0FE7-466A-BBBB-E55914E30B2C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{51C54298-8F6A-4FAE-BA47-85D1039DFCC4}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
    "TCP Query User{563C230A-EADD-4D3B-8903-7EE618E32492}C:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe" = protocol=6 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe | 
    "TCP Query User{6BAA2A63-7432-4CEF-8103-38B101CC67C8}C:\program files\the political machine\polmachine.exe" = protocol=6 | dir=in | app=c:\program files\the political machine\polmachine.exe | 
    "TCP Query User{73E292D9-93F2-4246-9007-93B18B747EFA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "TCP Query User{742BC9E8-7FA4-4B6D-9006-2E71F4692F26}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
    "TCP Query User{766198D1-382F-4BFB-B9CE-24F4BA188590}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
    "TCP Query User{8898FBA4-347B-4D67-8FD3-EBCD5EAB974B}C:\program files\fritz!dsl\fboxupd.exe" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "TCP Query User{95F49E31-5219-4972-BE88-280C633F6A80}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
    "TCP Query User{AC0D90B2-F861-4DA1-AF72-84EE9406DC03}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{AC28F2D1-FB55-4606-BC94-6E6FB3A0EF6E}C:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "TCP Query User{C224D2CE-E6D9-4572-A13D-102B7501B00B}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
    "TCP Query User{DF29CF28-EF35-400E-BDCC-973CAA0B0465}C:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe | 
    "TCP Query User{E1DA06E3-F31E-4201-B1CD-96841B9FA5AC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
    "TCP Query User{FA19DF02-D06C-4251-A002-375518C24E04}C:\program files\halite\halite.exe" = protocol=6 | dir=in | app=c:\program files\halite\halite.exe | 
    "TCP Query User{FBD5DE27-512C-4892-B022-0B635133C8B9}C:\users\administrator\desktop\eigene dateien\iron man\ironman.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\eigene dateien\iron man\ironman.exe | 
    "TCP Query User{FC594059-01EB-4EEC-B5DF-225807ADADDC}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
    "UDP Query User{0350CA5A-4DC0-4B5F-B092-0BA4474EF44D}C:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\ghost recon advanced warfighter demo\graw_demo.exe | 
    "UDP Query User{2A08413E-CC00-4F90-96BA-D07C3D492A8E}C:\program files\halite\halite.exe" = protocol=17 | dir=in | app=c:\program files\halite\halite.exe | 
    "UDP Query User{3623793C-BF82-44C3-BB9C-9C72815DD46D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{3FCC1646-D742-432F-B168-7E8DC91804E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "UDP Query User{499424AB-1B27-4718-94BB-0892081F463C}C:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\rmiregistry.exe | 
    "UDP Query User{4C9178B5-E1EE-4F89-A906-426364747E08}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
    "UDP Query User{53512F8C-5113-4C01-AA59-DCA994C223F3}C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe | 
    "UDP Query User{5904DC66-130D-4CFB-B46A-F854CF292462}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
    "UDP Query User{5B8DF1C6-5089-4E68-9B97-68C7E7B81F6C}C:\program files\fritz!dsl\fboxupd.exe" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "UDP Query User{5D91D26F-856C-4794-A5B9-0575B955A134}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
    "UDP Query User{7A3A3887-3FB2-426F-83CF-04C00ECACC89}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
    "UDP Query User{8B20CE25-E1DC-4415-A254-11A697570454}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
    "UDP Query User{97FDE305-5139-4664-A196-46A5287E2B48}C:\users\administrator\desktop\eigene dateien\iron man\ironman.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\eigene dateien\iron man\ironman.exe | 
    "UDP Query User{9CC135B6-A435-4174-B22D-024A03EE5B0B}C:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "UDP Query User{A2C6B0C9-7E27-43D8-A11A-E528B09E6850}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
    "UDP Query User{A8AC7C94-57A1-416A-8ACD-1B72AC5BF7C7}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | 
    "UDP Query User{B12AF9FB-24E4-4D95-A544-5F4DDAB8C173}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
    "UDP Query User{B52A1393-A45B-481D-9469-251CFCF42868}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
    "UDP Query User{BD972EF3-4C32-487B-B2EC-7A6F5851A32D}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
    "UDP Query User{C4B8A8EE-4710-4E63-A58F-30F2BB3C6191}C:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\launch4j-tmp\jdownloader.exe | 
    "UDP Query User{D3D579DE-114A-483F-AB96-A9EC5013AF4A}C:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\eigene dateien\battlefield 2\bf2.exe | 
    "UDP Query User{D57FE6D1-CF62-4863-8E8D-0D8CF287195D}C:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\mysql\bin\mysqld-nt.exe | 
    "UDP Query User{DC2CB21C-EC55-4E58-BEDD-05FD580618C1}C:\program files\the political machine\polmachine.exe" = protocol=17 | dir=in | app=c:\program files\the political machine\polmachine.exe | 
    "UDP Query User{E0E6333F-B6D9-4072-AC9C-A894738929CF}C:\program files\adventnet\me\wifimanager\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\adventnet\me\wifimanager\jre\bin\java.exe | 
    "UDP Query User{E73495B7-79B8-4DBF-ACF1-0AE4D9F30C3D}C:\program files\activision value\wsop 2008\wsopbftb.exe" = protocol=17 | dir=in | app=c:\program files\activision value\wsop 2008\wsopbftb.exe | 
    "UDP Query User{EAC9A772-97AD-44E7-B098-6538BCBF1739}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 C2
    "{34D8A788-9397-4695-86BF-B6920284CC65}_is1" = Power AMR MP3 WAV WMA M4A AC3 Audio Converter 2.1
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
    "{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
    "{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{93D44E47-EBE0-43FC-A427-8AC3CD026536}" = Vista Default Settings
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
    "{C0895AF2-3E62-4F99-AFBD-13FB41216CD5}" = PGP Desktop
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5EDCC75-41E1-4510-B533-7B2ABA37BE45}" = ESU for Microsoft Vista
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "7-Zip" = 7-Zip 4.42
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.0
    "a-squared Free_is1" = a-squared Free 4.5
    "Audio Editor Gold_is1" = Audio Editor Gold v9.2.11 Build 533
    "AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
    "BrothersInArms" = Brothers In Arms
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "LingoPad_is1" = LingoPad 2.6 (Build 360)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "OpenAL" = OpenAL
    "PROSet" = Intel(R) Network Connections Drivers
    "SecureW2 Client" = SecureW2 Client 3.1.2
    "SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.1 for Windows
    "Spyware Terminator_is1" = Spyware Terminator
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The KMPlayer" = The KMPlayer (remove only)
    "TrueCrypt" = TrueCrypt
    "tvbrowser" = TV-Browser 3.0-beta2
    "VLC media player" = VLC media player 1.0.5
    "VSO Image Resizer_is1" = VSO Image Resizer 1.3.2
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-420206636-805589922-3808772611-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 31.08.2010 18:53:30 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 00:48:11 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 01:02:45 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 01:19:06 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 02:02:46 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 02:19:05 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 03:02:46 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 03:19:05 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 04:02:45 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    Error - 01.09.2010 04:19:08 | Computer Name = 5thDivision | Source = Google Update | ID = 20
    Description = 
     
    [ System Events ]
    Error - 01.09.2010 00:48:32 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7001
    Description = 
     
    Error - 01.09.2010 00:48:32 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 01.09.2010 04:40:36 | Computer Name = 5thDivision | Source = LSM | ID = 1048
    Description = 
     
    Error - 01.09.2010 04:41:21 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 01.09.2010 04:41:21 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7001
    Description = 
     
    Error - 01.09.2010 04:41:21 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7026
    Description = 
     
    Error - 01.09.2010 11:13:27 | Computer Name = 5thDivision | Source = LSM | ID = 1048
    Description = 
     
    Error - 01.09.2010 11:14:04 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 01.09.2010 11:14:04 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7001
    Description = 
     
    Error - 01.09.2010 11:14:04 | Computer Name = 5thDivision | Source = Service Control Manager | ID = 7026
    Description = 
     
     
    < End of report >

  9. #29
    Senior team member, avatar of pc-jedi
    Registered since
    17.07.2009
    Posts
    3,643

    Re: Trojan infection leads to extreme failure

    Hi

    However, Malwarebytes frequently reports in the background that access to certain IP addresses has been successfully blocked.
    Do you have the full version of Malwarebytes? And which IP is being blocked?
    Regards, pc-jedi

    If I do not reply within 48 hours, please send me a message with a link to your thread.
    New here?

  10. #30
    Beginner
    Registered since
    16.08.2010
    Posts
    18

    Re: Trojan infection leads to extreme failure

    Yes, I bought the full version.

    It is always different IPs, and there is no log. Should I write them down?
