#0
18.10.2011, 10:20
...new here
Posts: 4
facebook link "http://www.villamatildabb.com/images/gallery.php?l=IMG0525561.JP
#2
18.10.2011, 10:21
...new here
Thread starter, Posts: 4
Here is the outgoing log:
#3
18.10.2011, 10:24
...new here
Thread starter, Posts: 4
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com [Unregistered version]
Scan started at: 10:06:05 18 Okt 2011
Using Database v7779
Operating System: Windows Vista Ultimate (SP2) [Build: 6.0.6002]
File System: NTFS
User Account Control is DISABLED
Running with Administrator privileges
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 10:06:20 18 Okt 2011
Total Scan time: 00:00:14

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com [Unregistered version]
Scan started at: 09:43:59 18 Okt 2011
Using Database v7779
Operating System: Windows Vista Ultimate (SP2) [Build: 6.0.6002]
File System: NTFS
User Account Control is DISABLED
Running with Administrator privileges
-------------------- Value Name: KiesPDLR Value Data: C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 20880 bytes Created: 24.06.2011 15:54 Modified: 01.08.2011 05:32 Company: -------------------- Value Name: Sony Ericsson PC Companion Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe 433360 bytes Created: 11.09.2011 18:35 Modified: 25.07.2011 11:41 Company: Sony Ericsson -------------------- Value Name: Google Update Value Data: "C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe" /c C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe 136176 bytes Created: 20.09.2011 00:12 Modified: 09.09.2011 23:16 Company: Google Inc. -------------------- Value Name: AVMUSBFernanschluss Value Data: "C:\Users\m\AppData\Local\Apps\2.0\8JT1H7P7.RN0\BZ2RC427.8E6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" C:\Users\m\AppData\Local\Apps\2.0\8JT1H7P7.RN0\BZ2RC427.8E6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe 147456 bytes Created: 17.10.2011 14:20 Modified: 17.10.2011 14:20 Company: AVM Berlin -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 09:44:10: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 09:44:10: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 09:44:11: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\Windows\system32\logon.scr C:\Windows\system32\logon.scr 5714432 bytes Created: 21.01.2008 04:22 Modified: 21.01.2008 
04:22 Company: Microsoft Corporation -------------------- ************************************************************ 09:44:12: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} Path: C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 C:\Program Files\Internet Explorer\clrtour.inf 1855 bytes Created: 17.03.2009 12:20 Modified: 17.03.2009 12:20 Company: [no info] ---------- ************************************************************ 09:44:13: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************************ 09:44:15: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AdobeARMservice ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 64952 bytes Created: 06.06.2011 12:55 Modified: 06.06.2011 12:55 Company: Adobe Systems Incorporated ---------- Key: atapi ImagePath: system32\drivers\atapi.sys C:\Windows\system32\drivers\atapi.sys 19944 bytes Created: 11.04.2009 15:18 Modified: 11.04.2009 15:18 Company: Microsoft Corporation ---------- Key: avmaudio ImagePath: system32\DRIVERS\avmaudio.sys C:\Windows\system32\DRIVERS\avmaudio.sys 101248 bytes Created: 17.10.2011 14:20 Modified: 17.10.2011 14:20 Company: AVM Berlin ---------- Key: clr_optimization_v4.0.30319_32 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 130384 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation ---------- Key: dgderdrv ImagePath: System32\drivers\dgderdrv.sys C:\Windows\System32\drivers\dgderdrv.sys 20032 bytes Created: 05.07.2011 19:08 Modified: 07.06.2011 11:13 Company: Devguru Co., Ltd ---------- Key: dg_ssudbus ImagePath: system32\DRIVERS\ssudbus.sys C:\Windows\system32\DRIVERS\ssudbus.sys 76088 bytes Created: 
05.07.2011 19:11 Modified: 16.06.2011 11:22 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: ggflt ImagePath: system32\DRIVERS\ggflt.sys C:\Windows\system32\DRIVERS\ggflt.sys 13224 bytes Created: 12.09.2011 21:01 Modified: 12.09.2011 21:01 Company: Sony Ericsson Mobile Communications ---------- Key: ggsemc ImagePath: system32\DRIVERS\ggsemc.sys C:\Windows\system32\DRIVERS\ggsemc.sys 25512 bytes Created: 12.09.2011 21:01 Modified: 12.09.2011 21:01 Company: Sony Ericsson Mobile Communications ---------- Key: gupdate ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /svc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. ---------- Key: gupdatem ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. ---------- Key: HSFHWAZL ImagePath: system32\DRIVERS\VSTAZL3.SYS C:\Windows\system32\DRIVERS\VSTAZL3.SYS 200704 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Conexant Systems, Inc. 
---------- Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iastorv.sys C:\Windows\system32\drivers\iastorv.sys 235064 bytes Created: 02.11.2006 09:36 Modified: 21.01.2008 04:21 Company: Intel Corporation ---------- Key: IpInIp ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded ---------- Key: msiserver ImagePath: %systemroot%\system32\msiexec /V ---------- Key: NETw3v32 ImagePath: system32\DRIVERS\NETw3v32.sys C:\Windows\system32\DRIVERS\NETw3v32.sys 2225664 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Intel Corporation ---------- Key: NETw4v32 ImagePath: system32\DRIVERS\NETw4v32.sys C:\Windows\system32\DRIVERS\NETw4v32.sys 2251776 bytes Created: 19.10.2007 00:29 Modified: 19.10.2007 00:29 Company: Intel Corporation ---------- Key: NwlnkFlt ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded ---------- Key: NwlnkFwd ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded ---------- Key: PDAgent ImagePath: "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" C:\Program Files\Raxco\PerfectDisk\PDAgent.exe 1242376 bytes Created: 11.08.2011 14:52 Modified: 11.08.2011 14:52 Company: Raxco Software, Inc. ---------- Key: PDEngine ImagePath: "C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe" C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe 2123016 bytes Created: 11.08.2011 14:52 Modified: 11.08.2011 14:52 Company: Raxco Software, Inc. ---------- Key: PDFSFilter ImagePath: system32\DRIVERS\PDFsFilter.sys C:\Windows\system32\DRIVERS\PDFsFilter.sys 66832 bytes Created: 27.07.2011 07:02 Modified: 27.07.2011 07:02 Company: Raxco Software, Inc. 
---------- Key: R5U870FLx86 ImagePath: System32\Drivers\R5U870FLx86.sys C:\Windows\System32\Drivers\R5U870FLx86.sys 72704 bytes Created: 26.07.2011 12:13 Modified: 27.10.2006 14:08 Company: Ricoh ---------- Key: R5U870FUx86 ImagePath: System32\Drivers\R5U870FUx86.sys C:\Windows\System32\Drivers\R5U870FUx86.sys 43904 bytes Created: 26.07.2011 12:13 Modified: 27.10.2006 14:08 Company: Ricoh ---------- Key: Sony Ericsson PCCompanion ImagePath: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 155344 bytes Created: 11.09.2011 18:35 Modified: 29.06.2011 15:59 Company: Avanquest Software ---------- Key: ssudmdm ImagePath: system32\DRIVERS\ssudmdm.sys C:\Windows\system32\DRIVERS\ssudmdm.sys 181432 bytes Created: 05.07.2011 19:11 Modified: 16.06.2011 11:22 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: usbvideo ImagePath: System32\Drivers\usbvideo.sys C:\Windows\System32\Drivers\usbvideo.sys 134016 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Microsoft Corporation ---------- Key: winachsf ImagePath: system32\DRIVERS\VSTCNXT3.SYS C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 654336 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Conexant Systems, Inc. ---------- Key: WinUSB ImagePath: system32\DRIVERS\WinUSB.sys C:\Windows\system32\DRIVERS\WinUSB.sys 31616 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation ---------- Key: wlidsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1713536 bytes Created: 28.03.2011 20:31 Modified: 28.03.2011 20:31 Company: Microsoft Corp. 
---------- Key: WpdUsb ImagePath: system32\DRIVERS\wpdusb.sys C:\Windows\system32\DRIVERS\wpdusb.sys 40448 bytes Created: 09.12.2009 01:32 Modified: 09.12.2009 01:32 Company: Microsoft Corporation ---------- Key: WPFFontCache_v0400 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 753504 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation ---------- Key: YahooAUService ImagePath: "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 602392 bytes Created: 09.11.2008 22:48 Modified: 09.11.2008 22:48 Company: Yahoo! Inc. ---------- ************************************************************ 09:44:55: Scanning -----VXD ENTRIES----- ************************************************************ 09:44:55: Scanning ----- WINLOGON\NOTIFY DLLS ----- No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 09:44:55: Scanning ----- CONTEXTMENUHANDLERS ----- ************************************************************ 09:44:56: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************************ 09:44:56: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {02478D38-C3F9-4efb-9B51-7695ECA05670} BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll 1392952 bytes Created: 16.03.2011 04:51 Modified: 16.03.2011 04:51 Company: Yahoo! Inc. ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 441216 bytes Created: 28.03.2011 20:35 Modified: 28.03.2011 20:35 Company: Microsoft Corp. 
---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 305328 bytes Created: 16.06.2011 21:01 Modified: 18.08.2011 01:16 Company: Google Inc. ---------- Key: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll 163128 bytes Created: 16.03.2011 04:51 Modified: 16.03.2011 04:51 Company: Yahoo! Inc ---------- ************************************************************ 09:44:57: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 09:44:57: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************************ 09:44:57: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 09:44:57: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 09:44:57: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 09:44:57: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 02.11.2006 14:49 Modified: 21.01.2008 04:41 Company: [no info] -------------------- ************************************************************ 09:44:58: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: m [C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 03.06.2011 04:33 Modified: 
03.06.2011 04:33 Company: [no info] ---------- -------------------- ************************************************************ 09:44:58: Scanning ----- SCHEDULED TASKS ----- Taskname: CreateChoiceProcessTask File: C:\Windows\System32\browserchoice.exe C:\Windows\System32\browserchoice.exe 293376 bytes Created: 21.06.2011 14:42 Modified: 12.02.2010 12:32 Company: Microsoft Corporation Parameters: /launch Schedule: At task creation/modification Next Run Time: Status: Ready Creator: BrowserChoice Comments: ---------- Taskname: GoogleUpdateTaskMachineCore File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. Parameters: /c Schedule: Multiple schedule times Next Run Time: 18.10.2011 23:21:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskMachineUA File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. Parameters: /ua /installsource scheduler Schedule: At 23:21:00 every day Next Run Time: 18.10.2011 10:21:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. 
Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000Core File: C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe 136176 bytes Created: 20.09.2011 00:12 Modified: 09.09.2011 23:16 Company: Google Inc. Parameters: /c Schedule: At 00:17:00 every day Next Run Time: 19.10.2011 00:17:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000UA File: C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe 136176 bytes Created: 20.09.2011 00:12 Modified: 09.09.2011 23:16 Company: Google Inc. Parameters: /ua /installsource scheduler Schedule: At 00:17:00 every day Next Run Time: 18.10.2011 10:17:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. 
---------- ************************************************************ 09:44:59: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 09:44:59: Scanning ----- DEVICE DRIVER ENTRIES ----- ************************************************************ 09:45:01: ----- ADDITIONAL CHECKS ----- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\m\Desktop\bilder\GEDC1174.JPG C:\Users\m\Desktop\bilder\GEDC1174.JPG 3107909 bytes Created: 20.07.2011 20:09 Modified: 01.01.2011 19:24 Company: [no info] ---------- Web Desktop Wallpaper: %USERPROFILE%\Desktop\bilder\GEDC1174.JPG C:\Users\m\Desktop\bilder\GEDC1174.JPG 3107909 bytes Created: 20.07.2011 20:09 Modified: 01.01.2011 19:24 Company: [no info] ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 09:45:03: Scanning ----- RUNNING PROCESSES ----- C:\Windows\system32\Dwm.exe 81920 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation -------------------- C:\Windows\system32\taskeng.exe 171520 bytes Created: 21.06.2011 14:37 Modified: 04.11.2010 18:34 Company: Microsoft Corporation -------------------- C:\Windows\Explorer.EXE - file already scanned -------------------- C:\Program Files\Windows Defender\MSASCui.exe - file already scanned -------------------- C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned -------------------- C:\Program Files\Trojan Remover\Trjscan.exe - file already scanned -------------------- C:\Program Files\Samsung\Kies\KiesHelper.exe - file already scanned -------------------- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe - file already scanned -------------------- 
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe - file already scanned -------------------- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe - file already scanned -------------------- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe 74960 bytes Created: 11.09.2011 18:35 Modified: 13.12.2010 14:52 Company: [no info] -------------------- C:\Windows\System32\mobsync.exe 95744 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Microsoft Corporation -------------------- C:\Users\m\AppData\Local\Apps\2.0\8JT1H7P7.RN0\BZ2RC427.8E6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe 336896 bytes Created: 17.10.2011 14:20 Modified: 17.10.2011 14:20 Company: AVM Berlin -------------------- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe 69384 bytes Created: 11.08.2011 14:52 Modified: 11.08.2011 14:52 Company: Raxco Software, Inc. -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 3687344 [This is a Trojan Remover component] -------------------- C:\Windows\system32\conime.exe 69120 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation -------------------- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe 666112 bytes Created: 09.06.2011 18:45 Modified: 26.07.2011 10:27 Company: Mobileleader Co., Ltd. -------------------- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe 140800 bytes Created: 07.06.2011 11:14 Modified: 26.07.2011 10:27 Company: Mobileleader Co., Ltd. 
-------------------- C:\Windows\system32\SearchFilterHost.exe 87552 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation -------------------- C:\Windows\system32\SearchProtocolHost.exe 185344 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation -------------------- ************************************************************ 09:45:09: Checking HOSTS file ERROR: EJwsclInvalidObjectException calling CheckHostsFile in procedure Scanform.DoScan: An Exception of type EJwsclInvalidObjectException was raised. (Data was given by programmer and can vary from actual source.) Source method....: GetSecurityDescriptor Source class.....: TJwSecureFileObject Source file......: JwsclSecureObjects.pas Source line......: 0 Message : Filename and handle is invalid ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://de.yahoo.com/?fr=fp-yie9 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 
09:45:09 18 Okt 2011 Total Scan time: 00:01:10 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com [Unregistered version] Scan started at: 09:39:27 18 Okt 2011 Using Database v7779 Operating System: Windows Vista Ultimate (SP2) [Build: 6.0.6002] File System: NTFS User Account Control is DISABLED UserData directory: C:\Users\m\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\m\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 09:39:27: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 09:39:28: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: explorer.exe C:\Windows\explorer.exe 2926592 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.exe 25088 bytes Created: 21.01.2008 04:22 Modified: 21.01.2008 04:22 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- 
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Windows Defender Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide C:\Program Files\Windows Defender\MSASCui.exe 1008184 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Microsoft Corporation -------------------- Value Name: Adobe ARM Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 937920 bytes Created: 06.06.2011 12:55 Modified: 06.06.2011 12:55 Company: Adobe Systems Incorporated -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Common Files\Java\Java Update\jusched.exe" C:\Program Files\Common Files\Java\Java Update\jusched.exe 254696 bytes Created: 08.04.2011 12:59 Modified: 08.04.2011 12:59 Company: Sun Microsystems, Inc. -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1167296 bytes Created: 18.10.2011 09:35 Modified: 05.07.2010 12:49 Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: KiesHelper Value Data: C:\Program Files\Samsung\Kies\KiesHelper.exe /s C:\Program Files\Samsung\Kies\KiesHelper.exe 958352 bytes Created: 05.07.2011 19:08 Modified: 01.08.2011 05:32 Company: Samsung -------------------- Value Name: KiesTrayAgent Value Data: C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe 3507088 bytes Created: 24.06.2011 15:54 Modified: 01.08.2011 05:32 Company: Samsung Electronics Co., Ltd. 
-------------------- Value Name: KiesPDLR Value Data: C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe 20880 bytes Created: 24.06.2011 15:54 Modified: 01.08.2011 05:32 Company: -------------------- Value Name: Sony Ericsson PC Companion Value Data: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe 433360 bytes Created: 11.09.2011 18:35 Modified: 25.07.2011 11:41 Company: Sony Ericsson -------------------- Value Name: Google Update Value Data: "C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe" /c C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe 136176 bytes Created: 20.09.2011 00:12 Modified: 09.09.2011 23:16 Company: Google Inc. -------------------- Value Name: AVMUSBFernanschluss Value Data: "C:\Users\m\AppData\Local\Apps\2.0\8JT1H7P7.RN0\BZ2RC427.8E6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" C:\Users\m\AppData\Local\Apps\2.0\8JT1H7P7.RN0\BZ2RC427.8E6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe 147456 bytes Created: 17.10.2011 14:20 Modified: 17.10.2011 14:20 Company: AVM Berlin -------------------- Value Name: Microsoft® Windows Update Value Data: C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe -RHS- 90112 bytes Created: 18.10.2011 09:11 Modified: 18.10.2011 09:11 Company: C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe appears to contain: WORM/KLEZ C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe - this registry value has been removed C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe - running process located and terminated C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe - file renamed to: C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe.vir -------------------- -------------------- 
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 09:39:42: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 09:39:42: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 09:39:42: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\Windows\system32\logon.scr C:\Windows\system32\logon.scr 5714432 bytes Created: 21.01.2008 04:22 Modified: 21.01.2008 04:22 Company: Microsoft Corporation -------------------- ************************************************************ 09:39:42: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} Path: C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 C:\Program Files\Internet Explorer\clrtour.inf 1855 bytes Created: 17.03.2009 12:20 Modified: 17.03.2009 12:20 Company: [no info] ---------- ************************************************************ 09:39:42: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************************ 09:39:43: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AdobeARMservice ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 64952 bytes Created: 06.06.2011 12:55 Modified: 06.06.2011 12:55 Company: Adobe Systems Incorporated ---------- Key: atapi ImagePath: system32\drivers\atapi.sys C:\Windows\system32\drivers\atapi.sys 19944 bytes Created: 11.04.2009 15:18 Modified: 11.04.2009 15:18 Company: Microsoft Corporation ---------- Key: avmaudio ImagePath: system32\DRIVERS\avmaudio.sys C:\Windows\system32\DRIVERS\avmaudio.sys 
101248 bytes Created: 17.10.2011 14:20 Modified: 17.10.2011 14:20 Company: AVM Berlin ---------- Key: clr_optimization_v4.0.30319_32 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 130384 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation ---------- Key: dgderdrv ImagePath: System32\drivers\dgderdrv.sys C:\Windows\System32\drivers\dgderdrv.sys 20032 bytes Created: 05.07.2011 19:08 Modified: 07.06.2011 11:13 Company: Devguru Co., Ltd ---------- Key: dg_ssudbus ImagePath: system32\DRIVERS\ssudbus.sys C:\Windows\system32\DRIVERS\ssudbus.sys 76088 bytes Created: 05.07.2011 19:11 Modified: 16.06.2011 11:22 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: ggflt ImagePath: system32\DRIVERS\ggflt.sys C:\Windows\system32\DRIVERS\ggflt.sys 13224 bytes Created: 12.09.2011 21:01 Modified: 12.09.2011 21:01 Company: Sony Ericsson Mobile Communications ---------- Key: ggsemc ImagePath: system32\DRIVERS\ggsemc.sys C:\Windows\system32\DRIVERS\ggsemc.sys 25512 bytes Created: 12.09.2011 21:01 Modified: 12.09.2011 21:01 Company: Sony Ericsson Mobile Communications ---------- Key: gupdate ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /svc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. ---------- Key: gupdatem ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. ---------- Key: HSFHWAZL ImagePath: system32\DRIVERS\VSTAZL3.SYS C:\Windows\system32\DRIVERS\VSTAZL3.SYS 200704 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Conexant Systems, Inc. 
---------- Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iastorv.sys C:\Windows\system32\drivers\iastorv.sys 235064 bytes Created: 02.11.2006 09:36 Modified: 21.01.2008 04:21 Company: Intel Corporation ---------- Key: IpInIp ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded ---------- Key: msiserver ImagePath: %systemroot%\system32\msiexec /V ---------- Key: NETw3v32 ImagePath: system32\DRIVERS\NETw3v32.sys C:\Windows\system32\DRIVERS\NETw3v32.sys 2225664 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Intel Corporation ---------- Key: NETw4v32 ImagePath: system32\DRIVERS\NETw4v32.sys C:\Windows\system32\DRIVERS\NETw4v32.sys 2251776 bytes Created: 19.10.2007 00:29 Modified: 19.10.2007 00:29 Company: Intel Corporation ---------- Key: NwlnkFlt ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded ---------- Key: NwlnkFwd ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded ---------- Key: PDAgent ImagePath: "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" C:\Program Files\Raxco\PerfectDisk\PDAgent.exe 1242376 bytes Created: 11.08.2011 14:52 Modified: 11.08.2011 14:52 Company: Raxco Software, Inc. ---------- Key: PDEngine ImagePath: "C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe" C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe 2123016 bytes Created: 11.08.2011 14:52 Modified: 11.08.2011 14:52 Company: Raxco Software, Inc. ---------- Key: PDFSFilter ImagePath: system32\DRIVERS\PDFsFilter.sys C:\Windows\system32\DRIVERS\PDFsFilter.sys 66832 bytes Created: 27.07.2011 07:02 Modified: 27.07.2011 07:02 Company: Raxco Software, Inc. 
---------- Key: R5U870FLx86 ImagePath: System32\Drivers\R5U870FLx86.sys C:\Windows\System32\Drivers\R5U870FLx86.sys 72704 bytes Created: 26.07.2011 12:13 Modified: 27.10.2006 14:08 Company: Ricoh ---------- Key: R5U870FUx86 ImagePath: System32\Drivers\R5U870FUx86.sys C:\Windows\System32\Drivers\R5U870FUx86.sys 43904 bytes Created: 26.07.2011 12:13 Modified: 27.10.2006 14:08 Company: Ricoh ---------- Key: Sony Ericsson PCCompanion ImagePath: "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 155344 bytes Created: 11.09.2011 18:35 Modified: 29.06.2011 15:59 Company: Avanquest Software ---------- Key: ssudmdm ImagePath: system32\DRIVERS\ssudmdm.sys C:\Windows\system32\DRIVERS\ssudmdm.sys 181432 bytes Created: 05.07.2011 19:11 Modified: 16.06.2011 11:22 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: usbvideo ImagePath: System32\Drivers\usbvideo.sys C:\Windows\System32\Drivers\usbvideo.sys 134016 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Microsoft Corporation ---------- Key: winachsf ImagePath: system32\DRIVERS\VSTCNXT3.SYS C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 654336 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Conexant Systems, Inc. ---------- Key: WinUSB ImagePath: system32\DRIVERS\WinUSB.sys C:\Windows\system32\DRIVERS\WinUSB.sys 31616 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation ---------- Key: wlidsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1713536 bytes Created: 28.03.2011 20:31 Modified: 28.03.2011 20:31 Company: Microsoft Corp. 
---------- Key: WpdUsb ImagePath: system32\DRIVERS\wpdusb.sys C:\Windows\system32\DRIVERS\wpdusb.sys 40448 bytes Created: 09.12.2009 01:32 Modified: 09.12.2009 01:32 Company: Microsoft Corporation ---------- Key: WPFFontCache_v0400 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 753504 bytes Created: 18.03.2010 13:16 Modified: 18.03.2010 13:16 Company: Microsoft Corporation ---------- Key: YahooAUService ImagePath: "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 602392 bytes Created: 09.11.2008 22:48 Modified: 09.11.2008 22:48 Company: Yahoo! Inc. ---------- ************************************************************ 09:39:53: Scanning -----VXD ENTRIES----- ************************************************************ 09:39:53: Scanning ----- WINLOGON\NOTIFY DLLS ----- No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 09:39:53: Scanning ----- CONTEXTMENUHANDLERS ----- ************************************************************ 09:39:53: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************************ 09:39:54: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {02478D38-C3F9-4efb-9B51-7695ECA05670} BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll 1392952 bytes Created: 16.03.2011 04:51 Modified: 16.03.2011 04:51 Company: Yahoo! Inc. ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 441216 bytes Created: 28.03.2011 20:35 Modified: 28.03.2011 20:35 Company: Microsoft Corp. 
---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 305328 bytes Created: 16.06.2011 21:01 Modified: 18.08.2011 01:16 Company: Google Inc. ---------- Key: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll 163128 bytes Created: 16.03.2011 04:51 Modified: 16.03.2011 04:51 Company: Yahoo! Inc ---------- ************************************************************ 09:39:54: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 09:39:54: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************************ 09:39:54: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 09:39:54: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 09:39:54: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 09:39:55: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 02.11.2006 14:49 Modified: 21.01.2008 04:41 Company: [no info] -------------------- ************************************************************ 09:39:55: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: m [C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 03.06.2011 04:33 Modified: 
03.06.2011 04:33 Company: [no info] ---------- -------------------- ************************************************************ 09:39:55: Scanning ----- SCHEDULED TASKS ----- Taskname: CreateChoiceProcessTask File: C:\Windows\System32\browserchoice.exe C:\Windows\System32\browserchoice.exe 293376 bytes Created: 21.06.2011 14:42 Modified: 12.02.2010 12:32 Company: Microsoft Corporation Parameters: /launch Schedule: At task creation/modification Next Run Time: Status: Ready Creator: BrowserChoice Comments: ---------- Taskname: GoogleUpdateTaskMachineCore File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. Parameters: /c Schedule: Multiple schedule times Next Run Time: 18.10.2011 23:21:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskMachineUA File: C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\GoogleUpdate.exe 136176 bytes Created: 16.06.2011 21:01 Modified: 16.06.2011 21:01 Company: Google Inc. Parameters: /ua /installsource scheduler Schedule: At 23:21:00 every day Next Run Time: 18.10.2011 10:21:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. 
Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000Core File: C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe 136176 bytes Created: 20.09.2011 00:12 Modified: 09.09.2011 23:16 Company: Google Inc. Parameters: /c Schedule: At 00:17:00 every day Next Run Time: 19.10.2011 00:17:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. ---------- Taskname: GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000UA File: C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\m\AppData\Local\Google\Update\GoogleUpdate.exe 136176 bytes Created: 20.09.2011 00:12 Modified: 09.09.2011 23:16 Company: Google Inc. Parameters: /ua /installsource scheduler Schedule: At 00:17:00 every day Next Run Time: 18.10.2011 10:17:00 Status: Ready Creator: m Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird. 
---------- ************************************************************ 09:39:56: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 09:39:56: Scanning ----- DEVICE DRIVER ENTRIES ----- ************************************************************ 09:39:56: ----- ADDITIONAL CHECKS ----- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\m\Desktop\bilder\GEDC1174.JPG C:\Users\m\Desktop\bilder\GEDC1174.JPG 3107909 bytes Created: 20.07.2011 20:09 Modified: 01.01.2011 19:24 Company: [no info] ---------- Web Desktop Wallpaper: %USERPROFILE%\Desktop\bilder\GEDC1174.JPG C:\Users\m\Desktop\bilder\GEDC1174.JPG 3107909 bytes Created: 20.07.2011 20:09 Modified: 01.01.2011 19:24 Company: [no info] ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 09:39:57: Scanning ----- RUNNING PROCESSES ----- C:\Windows\system32\Dwm.exe 81920 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation [30 loaded modules in total] -------------------- C:\Windows\Explorer.EXE - file already scanned [168 loaded modules in total] -------------------- C:\Program Files\Windows Defender\MSASCui.exe - file already scanned [42 loaded modules in total] -------------------- C:\Program Files\Common Files\Java\Java Update\jusched.exe - file already scanned [21 loaded modules in total] -------------------- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe - file already scanned [70 loaded modules in total] -------------------- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe - file already scanned [49 loaded modules in total] -------------------- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe 
69384 bytes Created: 11.08.2011 14:52 Modified: 11.08.2011 14:52 Company: Raxco Software, Inc. [21 loaded modules in total] -------------------- C:\Program Files\Internet Explorer\iexplore.exe 748336 bytes Created: 21.06.2011 15:49 Modified: 21.06.2011 15:49 Company: Microsoft Corporation [105 loaded modules in total] -------------------- C:\Program Files\Internet Explorer\iexplore.exe - file already scanned [137 loaded modules in total] -------------------- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe 307376 bytes Created: 16.06.2011 21:01 Modified: 29.07.2011 06:22 Company: Google Inc. [64 loaded modules in total] -------------------- C:\Program Files\Internet Explorer\iexplore.exe - file already scanned [137 loaded modules in total] -------------------- C:\Program Files\Internet Explorer\iexplore.exe - file already scanned [103 loaded modules in total] -------------------- C:\Users\m\AppData\Local\Temp\4481452.exe 249856 bytes Created: 18.10.2011 09:11 Modified: 18.10.2011 09:11 Company: [64 loaded modules in total] -------------------- C:\Windows\system32\taskeng.exe 171520 bytes Created: 21.06.2011 14:37 Modified: 04.11.2010 18:34 Company: Microsoft Corporation [78 loaded modules in total] -------------------- C:\Windows\System32\mobsync.exe 95744 bytes Created: 21.01.2008 04:21 Modified: 21.01.2008 04:21 Company: Microsoft Corporation [39 loaded modules in total] -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 3687344 [This is a Trojan Remover component] [66 loaded modules in total] -------------------- C:\Windows\system32\conime.exe 69120 bytes Created: 11.04.2009 15:19 Modified: 11.04.2009 15:19 Company: Microsoft Corporation [15 loaded modules in total] -------------------- ************************************************************ 09:40:43: Checking HOSTS file ERROR: EJwsclInvalidObjectException calling CheckHostsFile in procedure Scanform.DoScan: An Exception of type EJwsclInvalidObjectException was 
raised. (Data was given by programmer and can vary from actual source.) Source method....: GetSecurityDescriptor Source class.....: TJwSecureFileObject Source file......: JwsclSecureObjects.pas Source line......: 0 Message : Filename and handle is invalid ************************************************************ 09:40:43: Scanning ------ %TEMP% DIRECTORY ------ ************************************************************ 09:40:44: Scanning ------ C:\Windows\Temp DIRECTORY ------ No files found to scan ************************************************************ 09:40:44: Scanning ------ ROOT DIRECTORY ------ ************************************************************ 09:40:44: ------ Scan for other files to remove ------ No malware-related files found to remove ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://de.yahoo.com/?fr=fp-yie9 ************************************************************ === CHANGES WERE MADE TO THE WINDOWS REGISTRY === === ONE OR MORE FILES WERE RENAMED OR REMOVED === Scan completed at: 09:40:44 18 
Okt 2011 Total Scan time: 00:01:16 ------------------------------------------------------------------------- Trojan Remover needs to restart the system to complete operations *** RESTART CANCELLED BY USER *** Active Malware may already be re-infecting the system. ************************************************************
18.10.2011, 19:50
Member
Posts: 420
#4
OTL
http://oldtimer.geekstogo.com/OTL.exe
Start the program, tick the boxes "Scan all users", "LOP check" and "Purity check", and paste the following into the script field at the bottom:

netsvcs

Then click Scan. Post the OTL.txt and Extras.txt.
19.10.2011, 13:15
...new here
Thread starter, Posts: 4
#5
Zitat gangren posteteOTL logfile created on: 19.10.2011 13:08:21 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\m\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,50 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 61,35% Memory free 5,22 Gb Paging File | 4,09 Gb Available in Paging File | 78,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 33,66 Gb Total Space | 0,86 Gb Free Space | 2,57% Space Free | Partition Type: NTFS Drive D: | 78,12 Gb Total Space | 27,09 Gb Free Space | 34,68% Space Free | Partition Type: NTFS Computer Name: M-PC | User Name: m | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011.10.19 13:07:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.11 14:52:12 | 001,242,376 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Raxco\PerfectDisk\PDAgent.exe PRC - [2011.08.11 14:52:12 | 000,069,384 | ---- | M] (Raxco Software, Inc.) 
-- C:\Programme\Raxco\PerfectDisk\PDAgentS1.exe PRC - [2011.08.11 14:52:00 | 002,123,016 | ---- | M] (Raxco Software, Inc.) -- C:\Programme\Common Files\Raxco\Shared\PDEngine.exe PRC - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.08.01 05:32:10 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.07.29 06:22:55 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011.06.21 15:49:23 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.06.27 17:06:16 | 000,178,176 | ---- | M] (privat) -- C:\Programme\ClearProg\ClearProg.exe PRC - [2009.04.11 15:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.01.21 04:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011.10.14 12:17:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ab1a41d184118635218d38da3f4bcae8\System.Management.ni.dll MOD - [2011.10.14 12:15:11 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dabeb21f09f88576c2cce838280c7f44\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 12:14:58 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll MOD - [2011.10.14 03:05:04 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll MOD - [2011.10.14 03:04:49 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fa45e7d581b80c34cb0d5518491c7387\System.Windows.Forms.ni.dll MOD - [2011.10.14 03:04:41 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll MOD - [2011.10.14 03:04:26 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fd0f015bc4324d8b9716ae38083a4e4d\System.Drawing.ni.dll MOD - [2011.10.14 03:04:25 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll MOD - [2011.10.14 03:04:23 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll MOD - [2011.10.14 03:04:19 | 007,069,696 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll MOD - [2011.10.14 03:04:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll MOD - [2011.10.14 03:04:06 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll MOD - [2011.10.14 03:03:56 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll MOD - [2011.10.09 01:24:00 | 000,115,137 | ---- | M] () -- C:\Users\m\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll MOD - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (MBAMService) SRV - File not found [Auto | Stopped] -- -- (CSObjectsSrv) SRV - File not found [Auto | Stopped] -- -- (AVP) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.11 14:52:12 | 001,242,376 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent) SRV - [2011.08.11 14:52:00 | 002,123,016 | ---- | M] (Raxco Software, Inc.) 
[On_Demand | Running] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine) SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.01.21 04:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011.10.18 11:40:23 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.10.17 14:20:04 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.12 21:01:15 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.09.12 21:01:15 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.08.31 17:00:50 
| 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.04 14:16:16 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2011.07.27 07:02:36 | 000,066,832 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011.06.16 11:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011.06.16 11:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.06.07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009.10.02 19:39:36 | 000,019,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009.04.11 15:19:01 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.01.21 04:21:28 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.10.19 00:29:40 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006.10.27 14:08:36 | 000,072,704 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2006.10.27 14:08:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 F4 F7 82 52 2C CC 01 [binary data]
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\m\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\m\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\m\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\m\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000..\Run: [AVMUSBFernanschluss] C:\Users\m\AppData\Local\Apps\2.0\8JT1H7P7.RN0\BZ2RC427.8E6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3056872194-1230880473-3156093642-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{773F3D62-F230-4AD9-8C6B-DC2198DD6BE8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\m\Desktop\bilder\GEDC1174.JPG
O24 - Desktop BackupWallPaper: C:\Users\m\Desktop\bilder\GEDC1174.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011.10.19 13:06:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2011.10.19 09:32:08 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Avira
[2011.10.19 09:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.19 09:29:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.19 09:29:44 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.19 09:29:44 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.19 09:29:44 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.19 09:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.19 09:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.18 11:43:04 | 000,000,000 | ---D | C] -- C:\Users\m\{c6f21df4-4eb6-4bab-bcc1-09fa749fe3de}
[2011.10.18 11:42:53 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2011.10.18 11:42:53 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2011.10.18 11:42:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.10.18 11:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2011.10.18 11:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2011.10.18 11:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.10.18 11:18:19 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.10.18 11:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.10.18 11:04:45 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011.10.18 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Malwarebytes
[2011.10.18 09:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.18 09:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.18 09:52:40 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.18 09:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.10.18 09:35:29 | 000,000,000 | ---D | C] -- C:\Users\m\Documents\Simply Super Software
[2011.10.18 09:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.10.18 09:35:10 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.10.18 09:35:09 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Simply Super Software
[2011.10.18 09:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.10.18 09:11:41 | 000,000,000 | RHSD | C] -- C:\Users\m\M-1-52-5782-8752-5245
[2011.10.17 14:20:12 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.10.17 14:20:12 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.10.17 14:20:12 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.10.17 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\Deployment
[2011.10.17 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\Apps
[2011.10.14 10:43:22 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\{350AE964-DAB0-4827-B0AD-7B8C52609CCB}
[2011.10.14 10:43:01 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\{A3030E20-BD30-402A-9641-3D7613DDFFC5}
[2011.10.14 03:05:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.14 03:05:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.14 03:05:51 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.14 03:05:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.14 03:05:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.14 03:01:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.10.13 13:06:42 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.13 13:06:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.13 13:06:40 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.13 13:06:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.13 13:06:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.13 13:06:15 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.13 13:06:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.11 22:43:00 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\handyfoto
[2011.10.09 01:53:39 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\{99D754F6-7F57-4F3B-A78B-DF4617E26469}
[2011.10.09 01:53:17 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\{DAB799A5-BE99-47FB-B00B-00CB3D7FE3FA}
[2011.10.06 08:40:35 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\{ABD7E363-AB3F-4C09-B2ED-A37C5A33D8C1}
[2011.10.06 08:40:12 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\{0D63AC4F-55B2-4FE3-8093-DDC9C4AB34E0}
[2011.10.06 08:40:11 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\{B7D019D2-980E-45D7-AC21-5FDEB8546582}
[2011.09.24 09:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.09.20 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.19 13:07:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2011.10.19 12:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.19 12:21:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.19 12:17:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000UA.job
[2011.10.19 10:48:31 | 000,628,668 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.19 10:48:31 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.19 10:48:31 | 000,126,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.19 10:48:31 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.19 10:41:40 | 000,000,430 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.10.19 10:40:44 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.19 10:40:43 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 10:40:43 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 09:30:13 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.18 11:40:23 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.10.18 00:17:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000Core.job
[2011.10.17 14:20:04 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2011.10.17 14:20:03 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2011.10.15 11:04:55 | 000,174,863 | ---- | M] () -- C:\Users\m\Desktop\ps2011-07-24_15-42-56.jpg
[2011.10.15 11:02:30 | 002,217,898 | ---- | M] () -- C:\Users\m\Desktop\2011-07-31 21.41.59.jpg
[2011.10.15 10:55:26 | 001,391,582 | ---- | M] () -- C:\Users\m\Desktop\2011-10-09 14.46.27.jpg
[2011.10.15 10:54:46 | 001,493,695 | ---- | M] () -- C:\Users\m\Desktop\2011-10-09 14.41.38.jpg
[2011.10.15 10:54:01 | 001,656,687 | ---- | M] () -- C:\Users\m\Desktop\2011-10-03 14.49.19.jpg
[2011.10.15 10:53:39 | 001,847,381 | ---- | M] () -- C:\Users\m\Desktop\2011-10-03 10.59.31.jpg
[2011.10.14 16:54:21 | 000,062,332 | ---- | M] () -- C:\Users\m\Desktop\294210_163027170455441_100002444777390_288972_1620376999_n.jpg
[2011.10.14 13:47:40 | 000,073,380 | ---- | M] () -- C:\Users\m\Desktop\308295_260623700640604_100000789276163_631597_626419422_n.jpg
[2011.10.14 06:39:32 | 000,231,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.13 11:28:15 | 067,630,511 | ---- | M] () -- C:\Users\m\Desktop\video-2011-09-04-16-06-33.mp4
[2011.10.11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.10 21:46:13 | 000,104,846 | ---- | M] () -- C:\Users\m\Desktop\galaxy-2.jpg
[2011.10.10 09:33:25 | 000,077,725 | ---- | M] () -- C:\Users\m\Desktop\D68F981C-EE1E-407C-A5F5-0B3197D1CACB.jpg
[2011.10.08 21:06:25 | 000,070,415 | ---- | M] () -- C:\Users\m\Desktop\295827_160603490697809_100002444777390_282432_1690074505_n.jpg
[2011.10.05 23:23:52 | 001,278,792 | ---- | M] () -- C:\Users\m\Desktop\2011-10-01 19.12.43.jpg
[2011.10.05 23:23:38 | 001,583,340 | ---- | M] () -- C:\Users\m\Desktop\2011-10-01 19.12.54.jpg
[2011.10.05 17:18:26 | 000,002,022 | ---- | M] () -- C:\Users\m\Desktop\Google Chrome.lnk
[2011.10.01 20:28:52 | 001,461,389 | ---- | M] () -- C:\Users\m\Desktop\2011-10-01 19.12.24.jpg
[2011.09.25 10:07:07 | 000,029,184 | ---- | M] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.24 09:26:27 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.19 09:30:13 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.18 09:35:10 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.10.18 09:35:10 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.10.18 09:35:10 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.10.18 09:35:10 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.10.15 11:05:57 | 001,391,582 | ---- | C] () -- C:\Users\m\Desktop\2011-10-09 14.46.27.jpg
[2011.10.15 11:05:02 | 000,174,863 | ---- | C] () -- C:\Users\m\Desktop\ps2011-07-24_15-42-56.jpg
[2011.10.15 11:03:08 | 002,217,898 | ---- | C] () -- C:\Users\m\Desktop\2011-07-31 21.41.59.jpg
[2011.10.15 10:54:52 | 001,493,695 | ---- | C] () -- C:\Users\m\Desktop\2011-10-09 14.41.38.jpg
[2011.10.15 10:54:06 | 001,656,687 | ---- | C] () -- C:\Users\m\Desktop\2011-10-03 14.49.19.jpg
[2011.10.15 10:53:47 | 001,847,381 | ---- | C] () -- C:\Users\m\Desktop\2011-10-03 10.59.31.jpg
[2011.10.14 16:56:29 | 000,062,332 | ---- | C] () -- C:\Users\m\Desktop\294210_163027170455441_100002444777390_288972_1620376999_n.jpg
[2011.10.14 13:47:48 | 000,073,380 | ---- | C] () -- C:\Users\m\Desktop\308295_260623700640604_100000789276163_631597_626419422_n.jpg
[2011.10.13 11:28:07 | 067,630,511 | ---- | C] () -- C:\Users\m\Desktop\video-2011-09-04-16-06-33.mp4
[2011.10.11 22:50:33 | 007,617,637 | ---- | C] () -- C:\Users\m\Desktop\03-lil_wayne-dear_anne_(stan_pt.2).mp3
[2011.10.10 21:46:22 | 000,104,846 | ---- | C] () -- C:\Users\m\Desktop\galaxy-2.jpg
[2011.10.08 21:07:00 | 000,070,415 | ---- | C] () -- C:\Users\m\Desktop\295827_160603490697809_100002444777390_282432_1690074505_n.jpg
[2011.10.01 19:15:44 | 001,583,340 | ---- | C] () -- C:\Users\m\Desktop\2011-10-01 19.12.54.jpg
[2011.10.01 19:15:44 | 001,461,389 | ---- | C] () -- C:\Users\m\Desktop\2011-10-01 19.12.24.jpg
[2011.10.01 19:15:44 | 001,278,792 | ---- | C] () -- C:\Users\m\Desktop\2011-10-01 19.12.43.jpg
[2011.09.24 09:26:27 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.20 00:14:08 | 000,002,022 | ---- | C] () -- C:\Users\m\Desktop\Google Chrome.lnk
[2011.09.20 00:12:56 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000UA.job
[2011.09.20 00:12:52 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3056872194-1230880473-3156093642-1000Core.job
[2011.08.03 18:59:25 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.07.02 19:22:13 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.06.21 20:43:11 | 000,029,184 | ---- | C] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2009.10.02 19:39:36 | 000,019,472 | ---- | C] () -- C:\Windows\System32\drivers\klmouflt.sys
[2009.04.11 18:55:00 | 000,628,668 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.04.11 18:55:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.04.11 18:55:00 | 000,126,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.04.11 18:55:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.04.11 15:20:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.04.11 15:19:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.11 15:19:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.11 15:19:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.01.21 04:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.02 14:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:46:27 | 000,231,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.07.05 19:08:02 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Samsung
[2011.10.18 09:35:09 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Simply Super Software
[2011.10.09 12:23:18 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\uTorrent
[2011.10.19 10:38:58 | 000,032,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\m\Desktop\video-2011-09-04-16-06-33.mp4:TOC.WMV
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

OTL Extras logfile created on: 19.10.2011 13:08:21 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\m\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,50 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 61,35% Memory free
5,22 Gb Paging File | 4,09 Gb Available in Paging File | 78,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 0,86 Gb Free Space | 2,57% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 27,09 Gb Free Space | 34,68% Space Free | Partition Type: NTFS

Computer Name: M-PC | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe" = C:\Users\m\M-1-52-5782-8752-5245\winsvc.exe:*:Enabled:Microsoft® Windows Update

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0254B-6E68-4EE2-8A82-85D58E0D723B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{080ABC4B-7E4D-4012-AB1A-7F0A9E23C9BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{09347EE6-3F3E-4B41-817D-863138D726C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C5F31E1-FBE2-4DEB-A8FD-BC6B6CD24213}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{252A2B73-DF33-4B21-862E-E3669F940978}" = lport=445 | protocol=6 | dir=in | app=system |
"{2679B2D2-2E41-4D5C-AEAA-7DA254BC98D9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{41D39735-B13F-439E-A04D-162332038FE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4ABD96FB-810D-4DCD-A7CA-6F3AB6C75811}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4C4C0564-AFB7-495D-B737-A325CC398EBD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4FCA2D75-F33F-43CB-A35B-4DA0FBDD08D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{587627FE-8EE5-4F6B-B161-4EDA3C6B541B}" = lport=139 | protocol=6 | dir=in | app=system |
"{5B307557-2CAF-479A-A969-8B3552B573B3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{72719C25-7042-4166-A9EA-FB8EA468965F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{737E7F48-699A-4AB1-B2E6-5A64A7BB387A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7A4860DE-1998-4F8F-91B2-72DE34B34172}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7D040196-5057-4F2A-AEA6-6879DC297852}" = rport=138 | protocol=17 | dir=out | app=system |
"{83045CD6-61FC-4EF6-9D2F-BDE5232DB38C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{88A3E981-80F6-4D8C-AD58-C184474647EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9A155702-AF4E-43F7-A28D-919B1ACBBC0F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C88BD81-D774-4DBC-8442-821917EAB4C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4BAFED1-7D73-4F97-ABC5-A26A7DBCFCC2}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C5A702C3-BCCD-4E7C-8BE0-938AE22CACEA}" = rport=445 | protocol=6 | dir=out | app=system |
"{D11D4F5C-7A18-4646-B8D3-52DA64ACDE5A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D227E021-0571-47DD-9837-948815A96F00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D84ABC5B-CD6C-493C-82A1-9A1E4FD90CF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3D2EE6E-CE70-40F2-8971-BB009BF069DB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E3F86EEF-49D3-47E4-A84A-E1B080CDA50F}" = rport=137 | protocol=17 | dir=out | app=system |
"{FDE4E794-DF2F-4E55-8D7A-20DC97C359E4}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09835C4F-342C-4377-A46B-6A41B0DF7028}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{09EF1D8A-64F7-46AE-9030-B15E246C56A1}" = protocol=6 | dir=in | app=c:\users\m\appdata\local\apps\2.0\8jt1h7p7.rn0\bz2rc427.8e6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{43481017-D369-49F6-87C1-B042DF86AFD0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{4BC770CF-FE81-4C33-87CD-D5ECD118E06B}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | "{5B879C55-FE5A-4FE1-B141-A7D00E659C26}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | "{6113ADC9-4C66-4556-BEAF-EFB020B74A1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{63DF7B6C-8325-4D80-A0DA-86C99F652B56}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{65111D18-B231-43AE-B55B-AB63F4DADA81}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{6A971337-F8D7-4732-83E0-DA7569891133}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{6AB19F02-B99C-4823-BEE5-935225C76818}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{86B0397D-0391-4B3F-AE61-74B92DC59562}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{86E967A4-3410-4DF4-9EDB-AB5E7E63C3AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8E53050D-9378-4210-9085-C257AF43E839}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{910D7B72-1BCF-4A8C-A3D3-C0211211EA97}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | "{959A1736-83A7-4595-AC05-C75D0861DB89}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{B2784B06-E816-4D3C-8E56-F921EFDAC420}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{C7DB06AB-2B1A-4787-ACDD-111A335B30C7}" = dir=in | app=d:\program files\skype\phone\skype.exe | "{DD1B0A71-E31B-4C48-A2F2-9C8823E5A6EA}" = 
protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{F1407F9B-0C17-4980-B471-8F8CB5241619}" = protocol=17 | dir=in | app=c:\users\m\appdata\local\apps\2.0\8jt1h7p7.rn0\bz2rc427.8e6\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{FBAAD4F1-B9B8-4D2D-9BAD-C6808C5427C7}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | "{FC46FAF5-133E-4CFC-9CE9-FA715D30E308}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{11CB9A6C-BA7C-4596-BAAD-D185DB7D4392}D:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\program files\skype\phone\skype.exe | "TCP Query User{3E0E8B0D-FD5E-40A2-AF1A-82E00B4BA879}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{E77A62CD-D2D4-4803-B139-5FDDE4759D34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{7276BAAA-1076-4163-8220-2D6484B9A13B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{74D46662-B35F-4D68-BAAB-A6824A8D1E78}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{7EF39960-B831-4189-AF8D-6A75F167ED36}D:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\program files\skype\phone\skype.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer 
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}" = PerfectDisk 12 Professional "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform 
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "ClearProg" = ClearProg 1.6.0 Final "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NAVIGON Fresh" = NAVIGON Fresh 3.2.0 "Update Engine" = Sony Ericsson Update Engine "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! 
Software Update [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3056872194-1230880473-3156093642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > hallo erst mal danke für die antwort. hofe ich hab das jetzt richtig gemacht |
19.10.2011, 20:44
Member
Posts: 420
#6
Hi,

Is your printer connected to the FRITZ!Box via USB?

Please run all tools we use by right-clicking them and choosing "Run as administrator". I forgot to say that last time.

1. Start OTL and copy the following into the script field:

Quote:

then click Run Fix and post the log.

2. Download aswMBR from avast!: http://public.avast.com/~gmerek/aswMBR.exe
Start the program.
Choose No when asked whether to additionally download avast.
Click Scan.
After the scan, click Save Log, save it and post it here (don't "fix" anything yet).
I just received a link on Facebook that is now going around.
http://www.villamatildabb.com/images/gallery.php?l=IMG0525561.JPG
It is now being sent automatically to every one of my contacts.
So far I have run Trojan Remover and Malwarebytes.
Both found something on the first scan and supposedly removed it.
But it is still showing up for every contact on Facebook.
Malwarebytes shows me blocked outgoing connections to a dangerous site at 20-second intervals.
SOS, an inexperienced person needs help :-(