Caught the Backdoor.Ciadoor trojan

#0
05.12.2009, 03:13
Member

Thread starter

Posts: 28
#16 Unfortunately, Flash Disinfector did not work on Vista, even though I clicked Allow. I then ran it on another PC running XP and connected all the drives there. That worked.

With combofix, this message worries me a little:

I now really have concerns that the program might cause some kind of damage to the PC?
05.12.2009, 13:16
Moderator

Posts: 5694
#17 It's up to you, of course, but I don't know of any case where there were problems.
14.12.2009, 17:39
Member

Thread starter

Posts: 28
#18 After being away from home for a week, I want to turn my attention to the PC again.

I have decided against combofix for now because it seems too risky to me.

I have now connected all external storage media to a second PC once more and scanned them with Antivir, but without any result.


Quote

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bfe7b4f-2a5f-11de-8559-00016c09bfcc}]
shell\AutoRun\command - K:\_WD\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}]
shell\AutoRun\command - 9yqusig.bat
shell\explore\command - 9yqusig.bat
shell\open\command - 9yqusig.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acd3be9c-c5fe-11de-aea5-00016c09bfcc}]
shell\AutoRun\command - G:\QsSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd54c3dd-d3bf-11dc-95cd-00016c09bfcc}]
shell\1\command - autorun.pif
shell\2\command - autorun.pif
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
I also took another look at the entries. So the first one, "K:\_WD\WDSetup.exe", is the setup program of an external Western Digital hard drive and shouldn't be anything bad.

The "G:\QsSetup.exe" is the program from my sister's O2 Surfstick and probably nothing bad either.

So that leaves "9yqusig.bat" and the last entry. I googled a bit and found two programs that are supposed to remove this "9yqusig.bat":

hxxp://www.spywareremovalblog.com/remove-9yqusigbat/
http://www.prevx.com/filenames/X34340269846455029-X1/9YQUSIG.BAT.html

Does anyone perhaps know these programs and know whether they can be recommended?

Thanks in advance for the help. ;)
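The four MountPoints2 entries quoted in post #18 can be triaged mechanically; the following is an added example, not part of the original thread or of any tool mentioned in it. It parses the listing as posted and flags volumes whose shell verbs point at a bare, script-type file name, the pattern an autorun.inf on a removable drive leaves in this key. The extension list and the four heuristics are assumptions chosen for illustration: a flagged volume is a lead to check, and an unflagged one is not proof that the file is clean.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# MountPoints2 entries copied from the listing quoted in post #18.
LISTING = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bfe7b4f-2a5f-11de-8559-00016c09bfcc}]
shell\AutoRun\command - K:\_WD\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}]
shell\AutoRun\command - 9yqusig.bat
shell\explore\command - 9yqusig.bat
shell\open\command - 9yqusig.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acd3be9c-c5fe-11de-aea5-00016c09bfcc}]
shell\AutoRun\command - G:\QsSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd54c3dd-d3bf-11dc-95cd-00016c09bfcc}]
shell\1\command - autorun.pif
shell\2\command - autorun.pif
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
VERB_RE = re.compile(r"^shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
RUNDLL_RE = re.compile(
    r"rundll32(?:\.exe)?\s+shell32\.dll,ShellExec_RunDLL\s+(.+)$", re.I
)

# Assumption: extensions treated as script or legacy executable for triage.
RISKY_EXT = {".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".com"}


def parse(listing):
    """Return {volume GUID: [(verb, command), ...]} from a listing as posted."""
    volumes, current = {}, None
    for raw in listing.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            volumes.setdefault(current, [])
            continue
        verb = VERB_RE.match(line)
        if verb and current:
            volumes[current].append((verb.group(1), verb.group(2).strip()))
    return volumes


def target_of(command):
    """Return (file the verb finally launches, True if wrapped in rundll32).

    Assumption: apart from the rundll32 wrapper, commands carry no arguments,
    which holds for every entry in the listing above.
    """
    wrapped = RUNDLL_RE.search(command)
    if wrapped:
        return wrapped.group(1).strip().strip('"'), True
    return command.strip().strip('"'), False


def triage(listing):
    """Return {volume GUID: sorted reasons}; an empty list means not flagged."""
    report = {}
    for guid, verbs in parse(listing).items():
        reasons = set()
        verbs_per_target = defaultdict(set)
        for verb, command in verbs:
            target, wrapped = target_of(command)
            verbs_per_target[target.lower()].add(verb.lower())
            if wrapped:
                reasons.add("launched through rundll32 ShellExec_RunDLL")
            if not any(sep in target for sep in "\\/:"):
                reasons.add("bare file name without drive or folder")
            if PureWindowsPath(target).suffix.lower() in RISKY_EXT:
                reasons.add("script or legacy executable extension")
        if any(len(v) > 1 for v in verbs_per_target.values()):
            reasons.add("several shell verbs point at the same file")
        report[guid] = sorted(reasons)
    return report


if __name__ == "__main__":
    for guid, reasons in triage(LISTING).items():
        print(guid, "FLAGGED" if reasons else "not flagged")
        for reason in reasons:
            print("   -", reason)
```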
14.12.2009, 17:50
Moderator

Posts: 5694
#19 Hello

Please let us know here whenever you won't be around for a longer time, so that we know what's going on.
Did you really do this:
http://board.protecus.de/t38393.htm#331065
14.12.2009, 20:51
Member

Thread starter

Posts: 28
#20 Sorry for not signing off.

Yes, I ran Flash Disinfector with all external storage media connected.
14.12.2009, 21:14
Moderator

Posts: 5694
#21 System scan with OTL

Please download OTL by OldTimer and save it to your desktop

>Double-click OTL.exe
-->Vista users: right-click OTL.exe and choose "Run as administrator"
>At the top you will find a box labelled Output. Please select Minimal Output
>Under Extra Registry, please select Use SafeList
>Now click Run Scan at the top left
>When the scan has finished, 2 log files are created
>Post the log files in code tags here in the thread.
14.12.2009, 22:14
Member

Thread starter

Posts: 28
#22

Code

OTL logfile created on: 14.12.2009 21:51:24 - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Users\Uschi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,45% Memory free
4,00 Gb Paging File | 1,44 Gb Available in Paging File | 36,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 96,49 Gb Free Space | 64,73% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNHARD-PC
Current User Name: Bernhard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Uschi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\snmp.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\osk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\System32\mqsvc.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Uschi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation)
SRV - (gupdate1c9f62ba559c7dd) Google Update Service (gupdate1c9f62ba559c7dd) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\System32\snmp.exe (Microsoft Corporation)
SRV - (MSMQTriggers) -- C:\Windows\System32\mqtgsvc.exe (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (MSMQ) -- C:\Windows\System32\mqsvc.exe (Microsoft Corporation)
SRV - (Irmon) -- C:\Windows\System32\irmon.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091211.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091211.002\NAVENG.SYS (Symantec Corporation)
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gtstusbser) -- C:\Windows\System32\drivers\gtstusbser.sys (Option N.V.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation                           )
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ENTECH) -- C:\Windows\System32\drivers\Entech.sys (EnTech Taiwan)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.06.26 11:17:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.13 08:10:30 | 00,000,000 | ---D | M]

[2009.11.25 14:20:43 | 00,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\g6ul8y59.default\extensions
[2008.06.02 20:29:46 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Firefox\Profiles\g6ul8y59.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.27 22:42:32 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.06.02 20:27:14 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.04.07 08:32:59 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2008.04.07 08:32:59 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2008.04.07 08:32:59 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2008.04.07 08:33:00 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2008.04.07 08:33:00 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2006.08.24 22:07:50 | 00,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2006.08.24 22:07:50 | 00,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2006.11.10 12:42:00 | 00,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.10 23:32:03 | 00,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0bfe7b4f-2a5f-11de-8559-00016c09bfcc}\Shell\AutoRun\command - "" = K:\_WD\WDSetup.exe -- File not found
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\AutoRun\command - "" = 9yqusig.bat
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\explore\Command - "" = 9yqusig.bat
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\open\Command - "" = 9yqusig.bat
O33 - MountPoints2\{acd3be9c-c5fe-11de-aea5-00016c09bfcc}\Shell - "" = AutoRun
O33 - MountPoints2\{acd3be9c-c5fe-11de-aea5-00016c09bfcc}\Shell\AutoRun\command - "" = G:\QsSetup.exe -- File not found
O33 - MountPoints2\{dd54c3dd-d3bf-11dc-95cd-00016c09bfcc}\Shell\1\Command - "" = autorun.pif
O33 - MountPoints2\{dd54c3dd-d3bf-11dc-95cd-00016c09bfcc}\Shell\2\Command - "" = autorun.pif
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2009.12.12 03:01:51 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iisreset.exe
[2009.12.12 03:01:50 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iisrstap.dll
[2009.12.12 03:01:48 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iisRtl.dll
[2009.12.12 03:01:44 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009.12.12 03:01:42 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admwprox.dll
[2009.12.12 03:01:39 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ahadmin.dll
[2009.12.12 03:01:33 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009.12.12 03:01:22 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wamregps.dll
[2009.12.10 01:29:00 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.12.10 01:28:58 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009.12.10 01:28:54 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009.12.10 01:28:00 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009.12.01 14:01:42 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009.11.30 13:47:44 | 00,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\Apple Computer
[2009.11.27 22:42:25 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.11.27 22:42:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.11.27 22:42:25 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.11.26 23:10:54 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009.11.26 22:28:58 | 00,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Malwarebytes
[2009.11.25 13:13:08 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.11.25 11:22:16 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.11.18 03:17:30 | 00,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2009.11.18 03:04:50 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009.11.18 03:04:49 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009.11.18 03:04:49 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009.11.18 03:04:00 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009.11.18 03:03:59 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009.11.18 03:03:56 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009.11.18 03:03:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009.11.18 03:03:55 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009.11.18 03:03:55 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009.11.18 03:03:55 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009.11.18 03:03:55 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.11.18 03:03:55 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009.11.18 03:03:55 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009.11.18 03:03:55 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009.11.18 03:03:54 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009.11.18 03:03:54 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009.11.18 03:03:54 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009.11.18 03:03:54 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009.11.18 03:03:54 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009.11.18 03:03:53 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009.11.18 03:03:53 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009.11.18 03:03:53 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009.11.18 03:03:53 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009.11.18 03:03:53 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009.11.18 03:03:52 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009.11.18 03:03:52 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009.11.18 03:03:52 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009.11.18 03:03:52 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009.11.18 03:03:04 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009.11.18 03:03:03 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009.11.18 03:02:58 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009.11.18 03:02:53 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009.11.18 03:02:52 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009.11.18 03:02:51 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009.11.18 03:02:51 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009.11.18 03:02:51 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009.11.18 03:02:50 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009.11.18 03:02:50 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009.11.18 03:02:50 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009.11.18 03:02:50 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009.11.18 03:01:15 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009.11.18 03:01:11 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009.11.11 23:43:31 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.11.11 23:43:18 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009.10.31 19:00:56 | 00,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\Downloads
[2009.10.31 19:00:30 | 00,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\skypePM
[2009.10.31 18:58:04 | 00,103,552 | ---- | C] (Option N.V.) -- C:\Windows\System32\drivers\gtstusbser.sys
[2009.10.31 18:57:02 | 00,000,000 | ---D | C] -- C:\Programme\Mobile Partner Manager
[2009.10.27 20:34:09 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009.10.27 20:34:06 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009.10.15 11:20:47 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009.10.15 11:20:47 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009.10.15 11:20:20 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009.10.13 16:06:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009.10.13 16:06:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009.10.13 16:06:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009.10.13 15:33:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009.10.10 09:41:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009.10.07 10:46:02 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009.10.07 10:46:00 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009.10.07 10:45:33 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009.10.07 10:45:33 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009.10.07 10:45:32 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009.10.07 10:44:59 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009.10.07 10:44:59 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2009.12.14 21:55:22 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32029D1D-F855-4010-A463-A98579FA4B6A}.job
[2009.12.14 21:55:22 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C5279A2-ABE2-42F1-A5DD-2A42DBB83A3C}.job
[2009.12.14 21:52:59 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DC5448AC-8CDA-4BF5-B3FA-C026AB12193B}.job
[2009.12.14 21:50:43 | 01,835,008 | -HS- | M] () -- C:\Users\Bernhard\ntuser.dat
[2009.12.14 21:50:34 | 00,524,288 | -HS- | M] () -- C:\Users\Bernhard\ntuser.dat{f4f72992-62ec-11de-9c53-00016c09bfcc}.TMContainer00000000000000000002.regtrans-ms
[2009.12.14 21:50:34 | 00,065,536 | -HS- | M] () -- C:\Users\Bernhard\ntuser.dat{f4f72992-62ec-11de-9c53-00016c09bfcc}.TM.blf
[2009.12.14 21:41:02 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.14 20:16:53 | 00,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.14 20:16:53 | 00,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.14 17:17:21 | 00,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009.12.14 16:45:47 | 01,634,978 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.14 16:45:47 | 00,704,578 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.14 16:45:47 | 00,657,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.14 16:45:47 | 00,152,708 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.14 16:45:47 | 00,125,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.14 15:41:01 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.14 08:17:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.14 08:16:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.14 08:16:45 | 21,459,02592 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.05 10:28:03 | 03,171,519 | -H-- | M] () -- C:\Users\Bernhard\AppData\Local\IconCache.db
[2009.11.27 22:08:13 | 00,007,168 | ---- | M] () -- C:\Users\Bernhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.18 03:17:08 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.18 03:14:28 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.17 02:42:00 | 00,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009.11.12 10:26:31 | 00,255,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.09 13:32:32 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wamregps.dll
[2009.11.09 13:31:42 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009.11.09 13:30:06 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iisRtl.dll
[2009.11.09 13:30:06 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iisrstap.dll
[2009.11.09 13:30:03 | 00,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009.11.09 13:28:40 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ahadmin.dll
[2009.11.09 13:28:34 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admwprox.dll
[2009.11.09 11:48:26 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iisreset.exe
[2009.11.03 22:56:50 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2009.10.31 21:02:31 | 00,000,028 | ---- | M] () -- C:\Windows\flowstatics.db
[2009.10.31 20:19:18 | 00,000,962 | ---- | M] () -- C:\Windows\Mobile Partner Manager.INI
[2009.10.31 18:58:06 | 00,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner Manager.lnk
[2009.10.29 10:17:42 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.10.27 15:08:37 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.10.27 15:08:36 | 00,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009.10.27 14:16:28 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009.10.23 18:10:19 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.10.20 08:10:15 | 00,524,288 | -HS- | M] () -- C:\Users\Bernhard\ntuser.dat{f4f72992-62ec-11de-9c53-00016c09bfcc}.TMContainer00000000000000000001.regtrans-ms
[2009.10.11 04:17:33 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.10.11 04:17:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.10.11 04:17:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.10.11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.10.09 00:45:38 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui
[2009.10.08 22:08:01 | 00,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009.10.08 22:07:59 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009.10.07 12:36:36 | 00,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009.10.01 02:03:09 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UMDF\de-DE\wpdmtpdr.dll.mui
[2009.10.01 02:02:05 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009.10.01 02:02:04 | 00,334,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009.10.01 02:02:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009.10.01 02:01:59 | 00,546,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009.10.01 02:01:59 | 00,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009.10.01 02:01:56 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009.10.01 02:01:56 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009.10.01 02:01:56 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009.10.01 02:01:56 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009.10.01 02:01:54 | 00,839,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UMDF\WpdMtpDr.dll
[2009.10.01 02:01:52 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UMDF\WpdFs.dll
[2009.10.01 02:01:50 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009.10.01 02:01:49 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009.10.01 02:01:49 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009.09.25 03:10:10 | 00,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009.09.25 03:07:08 | 00,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009.09.25 03:04:32 | 00,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009.09.25 02:49:22 | 01,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009.09.25 02:48:08 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009.09.25 02:38:29 | 00,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009.09.25 02:36:13 | 00,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.09.25 02:35:31 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009.09.25 02:33:25 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009.09.25 02:33:15 | 00,829,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009.09.25 02:33:01 | 00,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009.09.25 02:32:59 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009.09.25 02:31:53 | 00,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009.09.25 02:31:26 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009.09.25 02:31:21 | 00,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009.09.25 02:31:19 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009.09.25 02:31:16 | 01,030,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009.09.25 02:31:15 | 00,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009.09.25 02:30:23 | 00,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009.09.25 02:30:23 | 00,190,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009.09.25 02:27:04 | 01,064,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009.09.25 02:27:04 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009.09.24 23:54:53 | 00,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009.09.24 23:54:52 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009.11.18 03:17:08 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.18 03:14:28 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.10.31 18:58:12 | 00,000,028 | ---- | C] () -- C:\Windows\flowstatics.db
[2009.10.31 18:58:11 | 00,000,962 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009.10.31 18:58:06 | 00,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner Manager.lnk
[2009.09.11 01:08:34 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.26 07:59:47 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.04 16:35:50 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.03.04 16:34:51 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.03.04 16:22:05 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2008.01.25 19:39:57 | 00,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2007.10.14 12:57:11 | 00,007,168 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.11 21:00:23 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.11 17:34:08 | 00,000,680 | ---- | C] () -- C:\Users\Bernhard\AppData\Local\d3d9caps.dat
[2007.09.28 17:07:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.09.28 17:05:50 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007.09.28 17:05:50 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007.09.28 17:05:08 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 16:53:42 | 00,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >

This post was edited by nic_ on 14.12.2009 at 22:20.
14.12.2009, 22:21
Member

Thread starter

Posts: 28
#23

Code

OTL Extras logfile created on: 14.12.2009 21:51:24 - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Users\Uschi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,45% Memory free
4,00 Gb Paging File | 1,44 Gb Available in Paging File | 36,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 96,49 Gb Free Space | 64,73% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNHARD-PC
Current User Name: Bernhard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E343D0-3AD8-461F-8F09-5056A18D0F24}" = protocol=6 | dir=in | app=c:\windows\system32\mqsvc.exe |
"{15971250-A8DA-43A7-A491-323047758A23}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{17A9C25F-D9CA-4CAF-8D01-E54A16E37307}" = protocol=17 | dir=in | app=c:\windows\system32\mqsvc.exe |
"{28D8FA29-20B0-43C9-909E-B9C0E2A0E3BB}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{2D8EF807-7D7D-4F78-B776-33FFC0B1CAD9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3DDE3B58-9586-41D2-970B-BB767448FCAC}" = protocol=6 | dir=in | app=c:\windows\system32\mqsvc.exe |
"{4392761D-1F67-42F4-A35F-4C9579D8B3C8}" = protocol=17 | dir=in | app=c:\windows\system32\mqsvc.exe |
"{49D0C9ED-D3B9-4D41-BF06-3BCB45FC7F02}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{63A3C231-687B-47D8-A721-73491E440EE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93E76585-E2CE-4975-A4B4-7DDEEEA0049E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BFD3706-066C-475F-A9D5-19D923F62400}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C2BEEFF9-8868-4134-80B2-18E6669F36C6}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |
"{D26EE991-26BA-4192-A8F1-B1CEE497C403}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{322763D2-2C9D-4AC9-84C2-BC79B3A4C832}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3352647B-F94F-4F0C-86B1-32C2C5DAD4D2}J:\portableapps\mirandaportable\app\miranda\miranda32.exe" = protocol=6 | dir=in | app=j:\portableapps\mirandaportable\app\miranda\miranda32.exe |
"TCP Query User{379C95AA-4BE0-4E4F-8B80-5C72265F61B2}U:\portableapps\internet\mirandaportable\app\miranda\miranda32.exe" = protocol=6 | dir=in | app=u:\portableapps\internet\mirandaportable\app\miranda\miranda32.exe |
"TCP Query User{70820195-C3B9-44E5-88FA-77C42A516C23}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{7654873A-6BE3-4561-A045-BF3269D24772}C:\users\uschi\desktop\wlm lite 8.5.exe" = protocol=6 | dir=in | app=c:\users\uschi\desktop\wlm lite 8.5.exe |
"TCP Query User{99C73447-872B-4E5D-ADE7-E4A8789A1FA3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{A03E36C8-F9D4-4586-884A-D25AD6A128BB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A096C6CE-B3DA-4543-B75E-ACAB3BC3A998}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C8B96394-CEA7-438B-B22E-F11EF2117614}C:\users\uschi\desktop\skypeportable\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\uschi\desktop\skypeportable\phone\skype.exe |
"UDP Query User{07D5EE05-5D1E-4208-BD8A-63C15ACE526F}C:\users\uschi\desktop\wlm lite 8.5.exe" = protocol=17 | dir=in | app=c:\users\uschi\desktop\wlm lite 8.5.exe |
"UDP Query User{2D8413FD-6215-4544-BA5E-E3EB5911B4EF}J:\portableapps\mirandaportable\app\miranda\miranda32.exe" = protocol=17 | dir=in | app=j:\portableapps\mirandaportable\app\miranda\miranda32.exe |
"UDP Query User{3B7394B8-215B-488B-A048-0BD6060D3872}U:\portableapps\internet\mirandaportable\app\miranda\miranda32.exe" = protocol=17 | dir=in | app=u:\portableapps\internet\mirandaportable\app\miranda\miranda32.exe |
"UDP Query User{7B402407-EB73-4CE0-BCB3-92814B7A04B2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9C4C6765-D486-4E01-AC56-B884AA283BDE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B1ADEB7A-7464-412C-9143-979C9F7BF6E9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CFFE132A-D673-4F73-B2ED-625C5C138E45}C:\users\uschi\desktop\skypeportable\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\uschi\desktop\skypeportable\phone\skype.exe |
"UDP Query User{F503591C-A37D-4D74-AE4E-AF36D5405446}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{FC2EC8C4-7FDF-429F-A4B9-B2815D323171}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IrfanView" = IrfanView (remove only)
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Medion GoPal Assistant" = Medion GoPal Assistant 4.01.012
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SWING" = SWING

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 18.08.2009 04:56:28 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 2019
Description = Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig
initialisiert.

Error - 18.08.2009 10:15:15 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 18.08.2009 10:50:01 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 3003
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei. Der
älteste Protokolleintrag kann nicht abgerufen werden. Der angegebene Dateihandle
ist 14221340. Der Rückgabecode von GetOldestEventLogRecord ist 223.

Error - 18.08.2009 10:50:01 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 2019
Description = Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig
initialisiert.

Error - 18.08.2009 10:50:01 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 1020
Description = Fehler beim Verarbeiten von Registrierungsparametern. Erweiterungs-Agent
wird beendet.

Error - 18.08.2009 10:50:01 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 2019
Description = Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig
initialisiert.

Error - 19.08.2009 02:49:32 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 3003
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei. Der
älteste Protokolleintrag kann nicht abgerufen werden. Der angegebene Dateihandle
ist 6422556. Der Rückgabecode von GetOldestEventLogRecord ist 223.

Error - 19.08.2009 02:49:32 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 2019
Description = Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig
initialisiert.

Error - 19.08.2009 02:49:32 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 1020
Description = Fehler beim Verarbeiten von Registrierungsparametern. Erweiterungs-Agent
wird beendet.

Error - 19.08.2009 02:49:32 | Computer Name = Bernhard-PC | Source = EvntAgnt | ID = 2019
Description = Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig
initialisiert.

[ Media Center Events ]
Error - 18.04.2008 19:31:33 | Computer Name = Bernhard-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.

[ System Events ]
Error - 31.10.2009 14:03:56 | Computer Name = Bernhard-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{8CDBC5FA-30BE-4007-AA14-7BBCCAE38D2E} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 31.10.2009 15:10:18 | Computer Name = Bernhard-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{8CDBC5FA-30BE-4007-AA14-7BBCCAE38D2E} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 31.10.2009 15:19:59 | Computer Name = Bernhard-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{8CDBC5FA-30BE-4007-AA14-7BBCCAE38D2E} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 04.11.2009 19:31:00 | Computer Name = Bernhard-PC | Source = DCOM | ID = 10010
Description =

Error - 23.11.2009 05:54:14 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.11.2009 05:54:14 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 26.11.2009 17:50:47 | Computer Name = Bernhard-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.11.2009 um 22:48:46 unerwartet heruntergefahren.

Error - 09.12.2009 22:09:34 | Computer Name = Bernhard-PC | Source = DCOM | ID = 10010
Description =

Error - 11.12.2009 20:33:57 | Computer Name = Bernhard-PC | Source = DCOM | ID = 10010
Description =

Error - 12.12.2009 08:29:12 | Computer Name = Bernhard-PC | Source = DCOM | ID = 10010
Description =


< End of report >

15.12.2009, 01:26
Moderator

Posts: 5694
#24 Fixing with OTL
• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the content into the text box.

Code

:OTL
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\AutoRun\command - "" = 9yqusig.bat
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\explore\Command - "" = 9yqusig.bat
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\open\Command - "" = 9yqusig.bat
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Run Fix button.
• Click on .
OTL may ask for a restart. Please allow it.
• After the restart you will find a text document.
Now copy its content into your thread here, in code tags.
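An added example, not part of the original thread and not OTL's own code: a Python triage of O33 MountPoints2 lines in the layout posted above, flagging commands without a drive-qualified path, script-type targets, and overridden open/explore verbs. The extension watch list, the reason strings and the fourth sample line (placeholder GUID and path) are assumptions constructed for illustration.

```python
import ntpath
import re

# Layout of an O33 line as it appears in the fix script above.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "[^"]*" = (?P<cmd>.+)$', re.IGNORECASE)
DRIVE_PATH = re.compile(r'^"?[A-Za-z]:\\')
SCRIPT_EXT = {".bat", ".cmd", ".pif", ".scr", ".vbs", ".js"}  # assumed watch list
DRIVE_VERBS = {"open", "explore"}  # verbs run when the drive is opened in Explorer

def assess(verb, cmd):
    """Return the reasons one MountPoints2 command deserves a closer look."""
    reasons = []
    if not DRIVE_PATH.match(cmd):
        reasons.append("no drive-qualified path")
    exts = {ntpath.splitext(tok.strip('"'))[1].lower()
            for tok in re.split(r"[\s,]+", cmd)}
    if exts & SCRIPT_EXT:
        reasons.append("script or shortcut target")
    if verb.lower() in DRIVE_VERBS:
        reasons.append("overrides the '%s' verb" % verb.lower())
    return reasons

def triage(log_text):
    """Map each volume GUID to its flagged (verb, command, reasons) entries."""
    flagged = {}
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        reasons = assess(m["verb"], m["cmd"].strip())
        if reasons:
            flagged.setdefault(m["volume"].lower(), []).append(
                (m["verb"], m["cmd"].strip(), reasons))
    return flagged

# Three lines from the fix script above plus one constructed benign entry.
SAMPLE = r'''
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\AutoRun\command - "" = 9yqusig.bat
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\explore\Command - "" = 9yqusig.bat
O33 - MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\Shell\open\Command - "" = 9yqusig.bat
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\Setup.exe
'''

if __name__ == "__main__":
    for volume, entries in triage(SAMPLE).items():
        for verb, cmd, reasons in entries:
            print(volume, verb, cmd, "; ".join(reasons))
```
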
15.12.2009, 02:58
Member

Thread starter

Posts: 28
#25

Code

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\ not found.
File 9yqusig.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\ not found.
File 9yqusig.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c2510e5-edde-11dd-a3a3-00016c09bfcc}\ not found.
File 9yqusig.bat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bernhard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 120287 bytes

User: Public

User: Uschi
->Temp folder emptied: 1660304 bytes
->Temporary Internet Files folder emptied: 176934 bytes
->Java cache emptied: 26526753 bytes
->FireFox cache emptied: 2263515 bytes
->Google Chrome cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29,32 mb


OTL by OldTimer - Version 3.1.17.0 log created on 12152009_025012

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
15.12.2009, 11:08
Moderator

Posts: 5694
#26 It would really be sensible for you to use Combofix. You can be sure that nothing will happen. The message is only there to cover the program's authors in case something does stop working at some point.
So run Combofix.
16.12.2009, 03:18
Member

Thread starter

Posts: 28
#27 I have decided against Combofix because I found some negative reports via Google and I don't want to risk anything. I have probably exhausted all other options now. So it is best that I stop with the whole thing now and no longer use the PC in future.

I still want to thank you warmly for your competent help. That is not something to be taken for granted in other forums. ;)

Regards

nic
16.12.2009, 03:26
Moderator

Posts: 5694
#28 We can certainly continue without Combofix. You simply have to weigh an infected PC against the risk of damage from Combofix. Look at how long I have been on here. I am not aware of a single case where something happened. But as I said, I don't want to talk you into it ;)
17.12.2009, 02:29
Member

Thread starter

Posts: 28
#29 I do believe you that Combofix would probably be the best thing in this case and that you have only had good experiences with it so far, but since this is my parents' PC, I don't want to push my luck. ;)

If there are any other options, I am of course not averse to trying them. ;)
17.12.2009, 08:21
Moderator

Posts: 5694
#30 Hello

An answer will follow this evening ;)