Log analysis and evaluation: Bundespolizei Virus, Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Bundespolizei Virus

Hello, I also "had" the Bundespolizei virus, and following your instructions here I restored the system to the date from a month ago. However, I am not sure whether everything has been cleaned up or whether files are still infected. So, to start with, here are OTL and Extras. Windows Vista premium home 32 bit

OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.06.2011 14:52:58 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Sinna\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free 6,19 Gb Paging File | 5,12 Gb Available in Paging File | 82,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452,99 Gb Total Space | 272,68 Gb Free Space | 60,20% Space Free | Partition Type: NTFS Computer Name: SINNA-PC | User Name: Sinna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sinna\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.) PRC - C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) 
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe (Acer) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\rstrui.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Sinna\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) 
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (FPSensor) EgisTech-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egis) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) 
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0810&m=aspire_7738 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sinna\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56162 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 06:12:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.17 22:51:10 | 000,000,000 | ---D | M] [2010.08.22 16:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinna\AppData\Roaming\mozilla\Extensions [2011.05.24 07:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sinna\AppData\Roaming\mozilla\Firefox\Profiles\ifzj4yde.default\extensions [2011.03.12 12:40:55 | 000,000,000 | ---D | M] (Element 
Hiding Helper for Adblock Plus) -- C:\Users\Sinna\AppData\Roaming\mozilla\Firefox\Profiles\ifzj4yde.default\extensions\elemhidehelper@adblockplus.org [2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\conduit.xml [2010.08.22 18:28:37 | 000,002,354 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\ecosia.xml [2011.06.01 08:17:11 | 000,000,950 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\icqplugin-1.xml [2010.11.10 21:03:14 | 000,000,950 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\icqplugin-2.xml [2010.10.26 14:09:15 | 000,001,056 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\icqplugin.xml [2010.10.11 20:50:16 | 000,002,062 | ---- | M] () -- C:\Users\Sinna\AppData\Roaming\Mozilla\Firefox\Profiles\ifzj4yde.default\searchplugins\qip-search.xml [2011.04.17 22:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.01.24 22:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.11.16 12:00:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.03 12:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\SINNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFZJ4YDE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\SINNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFZJ4YDE.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2010.08.24 12:11:18 | 000,000,000 | ---D | M] 
(Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.05.03 06:12:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.24 18:38:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Sinna\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - Startup: C:\Users\Sinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Sinna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sinna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Files/Folders - Created Within 30 Days ========== [2011.06.05 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Documents\BlackBerry [2011.06.05 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\bbbaby [2011.06.05 18:40:05 | 000,000,000 | ---D | C] -- C:\Users\Sinna\AppData\Local\Research In Motion [2011.06.05 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion [2011.06.05 18:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion [2011.06.04 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\mmumumusik [2011.05.21 18:44:26 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\ausrucken [2011.05.18 20:43:55 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\rot ist tot [2011.05.18 11:52:07 | 000,000,000 | ---D | C] -- C:\Users\Sinna\Desktop\Tatts [2010.08.21 04:37:47 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.06.13 14:48:56 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.13 14:48:56 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.13 14:48:56 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.13 14:48:56 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.13 14:45:02 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{22417232-7499-4B1D-A54D-47F898DF70A7}.job [2011.06.13 14:42:14 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.06.13 14:42:14 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.06.13 14:41:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.13 14:41:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.13 14:41:40 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2011.06.13 14:41:35 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys [2011.06.05 19:20:09 | 004,940,920 | ---- | M] () -- C:\Users\Sinna\Documents\LoaderBackup-(2011-06-05).ipd [2011.05.31 06:53:03 | 000,037,081 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lc45jkM1qt1qczjnio1_500.jpg [2011.05.29 22:05:57 | 000,306,940 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lb6056F5P61qbk3yjo1_500.png [2011.05.29 22:02:53 | 000,050,491 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_leaqwcvmFx1qb1ewoo1_500.jpg [2011.05.27 21:16:09 | 000,099,351 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ldzay1ve5X1qaoueko1_500.jpg [2011.05.27 21:11:26 | 000,074,121 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lgx9ztJHeW1qak673o1_500.jpg [2011.05.27 16:09:44 | 000,072,011 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ljijhnpSW11qzqvk9o1_500.jpg [2011.05.27 11:32:47 | 000,503,890 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ljjyd2wned1qic93ho1_500.gif [2011.05.27 11:22:28 | 000,064,085 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lkajwuGc4I1qzayw1o1_500.jpg [2011.05.27 10:43:59 | 000,225,335 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lgb1jfD3n81qze3z5o1_500.png [2011.05.27 10:37:45 | 000,038,296 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ll98y6A2aF1qfhmamo1_500.jpg [2011.05.27 10:36:06 | 000,092,796 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_lllwz9n0Gb1qcuykbo1_500.jpg [2011.05.26 00:24:01 | 000,042,784 | ---- | M] () -- C:\Users\Sinna\Desktop\pikachu-41871.jpg [2011.05.26 00:19:43 | 000,088,659 | ---- | M] () -- C:\Users\Sinna\Desktop\fish.jpg [2011.05.22 19:48:46 | 000,160,594 | ---- | M] () -- C:\Users\Sinna\Desktop\232323232%7Fngo83(9)rdeduvgwu)8i;)6h;)h 6);7f)699)6(7)dg6)2( )e;e)2(c)84=ot1lsi.jpg [2011.05.22 15:50:53 | 000,507,763 | ---- | M] () -- C:\Users\Sinna\Desktop\Foto.JPG [2011.05.21 19:16:05 | 000,083,784 | ---- | M] () -- C:\Users\Sinna\Desktop\tumblr_ll3ihc9eLF1qireobo1_500.jpg [2011.05.21 08:00:54 | 000,101,777 | ---- 
| M] () -- C:\Users\Sinna\Desktop\tumblr_l5r3cmrpFv1qa9eqho1_500.jpg ========== Files Created - No Company Name ========== [2011.06.13 14:41:35 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys [2011.06.05 19:20:09 | 004,940,920 | ---- | C] () -- C:\Users\Sinna\Documents\LoaderBackup-(2011-06-05).ipd [2011.05.31 06:53:02 | 000,037,081 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lc45jkM1qt1qczjnio1_500.jpg [2011.05.29 22:05:57 | 000,306,940 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lb6056F5P61qbk3yjo1_500.png [2011.05.29 22:02:53 | 000,050,491 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_leaqwcvmFx1qb1ewoo1_500.jpg [2011.05.27 21:16:09 | 000,099,351 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ldzay1ve5X1qaoueko1_500.jpg [2011.05.27 21:11:25 | 000,074,121 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lgx9ztJHeW1qak673o1_500.jpg [2011.05.27 16:09:44 | 000,072,011 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ljijhnpSW11qzqvk9o1_500.jpg [2011.05.27 11:32:46 | 000,503,890 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ljjyd2wned1qic93ho1_500.gif [2011.05.27 11:22:27 | 000,064,085 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lkajwuGc4I1qzayw1o1_500.jpg [2011.05.27 10:43:59 | 000,225,335 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lgb1jfD3n81qze3z5o1_500.png [2011.05.27 10:37:45 | 000,038,296 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_ll98y6A2aF1qfhmamo1_500.jpg [2011.05.27 10:36:05 | 000,092,796 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_lllwz9n0Gb1qcuykbo1_500.jpg [2011.05.26 00:24:01 | 000,042,784 | ---- | C] () -- C:\Users\Sinna\Desktop\pikachu-41871.jpg [2011.05.26 00:19:43 | 000,088,659 | ---- | C] () -- C:\Users\Sinna\Desktop\fish.jpg [2011.05.22 19:48:46 | 000,160,594 | ---- | C] () -- C:\Users\Sinna\Desktop\232323232%7Fngo83(9)rdeduvgwu)8i;)6h;)h 6);7f)699)6(7)dg6)2( )e;e)2(c)84=ot1lsi.jpg [2011.05.22 15:50:52 | 000,507,763 | ---- | C] () -- C:\Users\Sinna\Desktop\Foto.JPG [2011.05.21 19:16:04 | 000,083,784 | ---- | C] () -- 
C:\Users\Sinna\Desktop\tumblr_ll3ihc9eLF1qireobo1_500.jpg [2011.05.21 08:00:54 | 000,101,777 | ---- | C] () -- C:\Users\Sinna\Desktop\tumblr_l5r3cmrpFv1qa9eqho1_500.jpg [2011.02.04 17:40:36 | 000,001,814 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.01.17 23:17:22 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [2011.01.17 23:17:21 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat [2011.01.17 23:17:21 | 000,000,048 | ---- | C] () -- C:\Windows\KPCMS.INI [2011.01.16 14:28:14 | 000,006,204 | ---- | C] () -- C:\Users\Sinna\AppData\Roaming\1EBE.C7E [2011.01.14 07:46:37 | 000,007,808 | ---- | C] () -- C:\Users\Sinna\AppData\Local\d3d9caps.dat [2011.01.06 19:01:10 | 000,000,093 | ---- | C] () -- C:\Users\Sinna\AppData\Local\fusioncache.dat [2010.12.04 00:09:23 | 000,000,469 | ---- | C] () -- C:\Users\Sinna\AppData\Roaming\Poladroid prefs.plist [2010.09.28 15:06:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.09.07 23:46:01 | 000,022,528 | ---- | C] () -- C:\Users\Sinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.25 11:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.25 11:54:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.08.22 18:01:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.20 20:11:50 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2010.08.20 20:11:50 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2010.08.20 20:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2010.08.20 20:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010.08.20 20:11:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010.08.20 20:11:50 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2010.08.20 20:02:05 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001 
[2010.08.20 19:59:57 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.12 12:47:51 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 12:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 12:47:51 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 12:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 04:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.05.23 00:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2006.11.02 14:57:28 | 
000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,329,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.11.16 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\.minecraft [2010.08.20 20:17:30 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Acer [2010.08.22 16:00:42 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Acer GameZone Console [2010.08.22 20:11:55 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Auslogics [2010.09.19 11:27:42 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\BOM [2011.03.31 10:38:28 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.18 21:00:56 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\ICQ [2011.01.06 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Imaxel [2010.09.19 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\OpenOffice.org [2011.02.16 22:55:29 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Opera [2010.08.22 17:20:57 | 000,000,000 | ---D | M] -- 
C:\Users\Sinna\AppData\Roaming\QIP [2011.06.05 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\Research In Motion [2010.09.01 07:39:41 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\SharePod [2010.08.22 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Sinna\AppData\Roaming\SoftDMA [2011.05.13 00:11:46 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.13 14:45:02 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{22417232-7499-4B1D-A54D-47F898DF70A7}.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.06.2011 14:52:58 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Sinna\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free 6,19 Gb Paging File | 5,12 Gb Available in Paging File | 82,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452,99 Gb Total Space | 272,68 Gb Free Space | 60,20% Space Free | Partition Type: NTFS Computer Name: SINNA-PC | User Name: Sinna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0582F458-CC8D-45D5-8DC3-8FB8736DCEBD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{19950E14-28EF-4456-95AA-35328FAF5AAF}" = rport=137 | protocol=17 | dir=out | app=system |
"{47F42FAF-A357-405D-9C9D-7F85F4708B5B}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B00F96F-4A88-489C-90D8-66D944A96068}" = rport=139 | protocol=6 | dir=out | app=system |
"{7DF2B726-28F1-4CC5-A12E-1752A0B732CB}" = lport=138 | protocol=17 | dir=in | app=system |
"{83323325-00D3-4685-9641-FE5352A2D08D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B69B136-8751-470B-9621-F956D1E0740F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B217DC5E-EE06-47FD-AA22-6E3917783611}" = lport=445 | protocol=6 | dir=in | app=system |
"{C43C6586-3A2B-4BCB-A383-1FCB6B9AC5BE}" = rport=445 | protocol=6 | dir=out | app=system |
"{ECD6CB1A-B0EE-4F4C-91EA-482F785C4452}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6E309A-B1C3-4957-8B81-F6B6BDAF5E92}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{111A16C7-82CD-4E91-8CCA-4A97ECBF96C7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{18455F85-4622-4EB4-8715-A2BC95604C91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2489816D-C533-43D8-9FC8-B581BFFD8242}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3E2E4243-F2ED-4100-A176-D5DD35356B96}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{468951FA-6553-4F25-BF2F-C45DDBF35C79}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4DA45148-6971-4CB1-BD15-B8D7E8E99C9F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5A1B401B-8A41-4B36-91C8-4CA2585515B5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{654D8CCD-D874-4AF3-98EF-63E07F245E22}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{85384E3B-C255-4BF4-A888-06A6273BE78C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{9BB72814-ED55-459D-80E5-5710C07794DA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9D80E308-AB07-4C98-B1D1-315C95E0E334}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B5015BEB-E8B9-4076-9626-75FC7F8636BE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BBD71475-4390-4167-85A6-B44EB609F2BE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BD8943A2-AFBB-4AEF-8D14-9FA7E5CE8C31}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C4F5FA1F-F3B7-4ADF-8CF5-90EC9182427E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CCCD34C5-1933-4C0F-AAA4-1833340B80F3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F9B12EF9-A0F5-48BE-8920-84EB67034A41}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{FAFF2FAC-5DC8-4DCA-99A1-A8001883211F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{B7C545DF-4B3E-4582-881D-C1F67DFA07E5}C:\program files\qq\africa2003\qq.exe" = protocol=6 | dir=in | app=c:\program files\qq\africa2003\qq.exe |
"TCP Query User{BFA61B52-4B14-47A3-BE47-866D04E5D9B8}C:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"UDP Query User{7433F8C1-EBCA-4CFB-AFA2-7E3C0FCE5EB1}C:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\sinna\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"UDP Query User{BD1FA72B-5F0F-4B5C-8BB9-6FCE07D0D79B}C:\program files\qq\africa2003\qq.exe" = protocol=17 | dir=in | app=c:\program files\qq\africa2003\qq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD6892C-C9A8-404B-95ED-1CCE15324178}" = BlackBerry App World Browser Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"QQ2003" = QQ2003 SA
"Sandboxie" = Sandboxie 3.52
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.05.2011 12:27:33 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description =

Error - 24.05.2011 15:22:02 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.05.2011 15:23:18 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description =

Error - 24.05.2011 16:36:45 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.05.2011 16:38:02 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description =

Error - 25.05.2011 01:41:16 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 25.05.2011 01:42:24 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description =

Error - 25.05.2011 05:43:40 | Computer Name = Sinna-pc | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 25.05.2011 05:44:52 | Computer Name = Sinna-pc | Source = WinMgmt | ID = 10
Description =

Error - 25.05.2011 05:45:47 | Computer Name = Sinna-pc | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.1.4120 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 620 Anfangszeit: 01cc1ac06d43d40e Zeitpunkt der Beendigung: 16

[ System Events ]
Error - 13.06.2011 08:32:58 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7001
Description =

Error - 13.06.2011 08:32:58 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7026
Description =

Error - 13.06.2011 08:34:20 | Computer Name = Sinna-pc | Source = DCOM | ID = 10005
Description =

Error - 13.06.2011 08:42:13 | Computer Name = Sinna-pc | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus.

Error - 13.06.2011 08:42:22 | Computer Name = Sinna-pc | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus.

Error - 13.06.2011 08:42:31 | Computer Name = Sinna-pc | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "ACER" aus.
Error - 13.06.2011 08:43:16 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 13.06.2011 08:43:16 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 13.06.2011 08:49:56 | Computer Name = Sinna-pc | Source = Service Control Manager | ID = 7022
Description =

Error - 13.06.2011 08:56:17 | Computer Name = Sinna-pc | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte Signaturen: %%824 Fehlercode: 0x8050a001 Fehlerbeschreibung: Das Programm kann keine Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". Ladende Signaturen: %%825 Ladene Signaturversion: 1.105.929.0 Ladende Modulversion: 1.1.6802.0

< End of report > |