| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: http://a389.cp.akamai.net/ popt immer auf.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.07.2011, 08:06
| #1 |
| |  http://a389.cp.akamai.net/ popt immer auf. leider bin ich so gar kein computer experte. sobald ich den rechner anschmeisse und z.b. auf facebook gehe kommt immer diese fehler meldung von escan :hxxp://a389.cp.akamai.net/ und irgen etwas mit pornography. wie bekomme ich den mist vom pc? bitte um eine möglichkeit die auch ich verstehe und durchführen kann. vielen dank aus hamburg |
|
12.07.2011, 15:30
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | http://a389.cp.akamai.net/ popt immer auf. Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
13.07.2011, 16:02
| #3 |
| | http://a389.cp.akamai.net/ popt immer auf. Malwarebytes' Anti-Malware 1.51.0.1200
__________________Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 7110 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 13.07.2011 13:01:58 mbam-log-2011-07-13 (13-01-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 323805 Laufzeit: 2 Stunde(n), 32 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) es wurde ien trojaner in einer escan datei gefunden und entfernt. seit dem läuft der rechner fast garnicht mehr. was soll ich tun? die oldtimer seite lässt sich über den link garnicht erst öffnen. soll ich escan deinstallieren? |
|
13.07.2011, 19:33
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://a389.cp.akamai.net/ popt immer auf. Seit wann nutzt du eScan? Das wird hier schon lange aus verschiedenen Gründen nicht mehr supportet. Hat es denn was gefunden, wenn ja was? Und es ist im grunde normal wenn ein Virenscanner Schädlinge in bestandteilen eines anderen Virenscanners Schädlinge sieht!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.07.2011, 08:46
| #5 |
| | http://a389.cp.akamai.net/ popt immer auf. hab mir escan von so einem computer shop im novemeber 2010 afschwatzen lassen. hier die letzten beiden logs ohne befund: 11 Jul 2011 22:20:04 - ********************************************************** 11 Jul 2011 22:20:04 - eScan Antivirus und Spyware Werkzeugsatz. 11 Jul 2011 22:20:04 - Copyright © MicroWorld 11 Jul 2011 22:20:04 - ********************************************************** 11 Jul 2011 22:20:04 - Version 12.0.156 (C:\PROGRAM FILES\ESCAN\MWAVSCAN.COM) 11 Jul 2011 22:20:04 - Logdatei: C:\Program Files\eScan\LOG\11070000.LOG 11 Jul 2011 22:20:04 - Datum und Uhrzeit des letzten Scannens: 05.07.2011 13:06:58 11 Jul 2011 22:20:04 - MWAV Registered: TRUE 11 Jul 2011 22:20:04 - User Account: HighkoS (Administrator Mode) 11 Jul 2011 22:20:04 - OS Type: Windows Workstation 11 Jul 2011 22:20:04 - OS: Windows Vista [OS Install Date: 04 Aug 2008 12:29:27] 11 Jul 2011 22:20:04 - Ver: Personal Service Pack 2 (Build 6002) 11 Jul 2011 22:20:04 - System Up Time: 2 Hours, 0 Minute, 31 Seconds 11 Jul 2011 22:20:04 - Parent Process Name : C:\Program Files\eScan\escanpro.exe 11 Jul 2011 22:20:04 - Windows Root Folder: C:\Windows 11 Jul 2011 22:20:04 - Windows Sys32 Folder: C:\Windows\system32 11 Jul 2011 22:20:04 - DHCP NameServer: 192.168.0.1 11 Jul 2011 22:20:04 - Interface0 DHCPNameServer: 192.168.0.1 11 Jul 2011 22:20:04 - Local Fixed Drives: c:\ 11 Jul 2011 22:20:04 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 11 Jul 2011 22:20:04 - Optionen für Kommandozeile angegeben: /pipe=2924escan /Log=C:\PROGRA~1\eScan\Log\11070000.log /SC /LOGINFECT /MAXFILESIZE=5 /DRIVE /S 11 Jul 2011 22:20:06 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\PROGRA~1\ESCAN\LOG\ESCANDB.LOG] 11 Jul 2011 22:20:09 - Loaded/Created FileScan Database... 11 Jul 2011 22:20:09 - Loading AV Library [DB]... 11 Jul 2011 22:20:15 - AV Library Loaded [IPC]. 11 Jul 2011 22:20:15 - ********************************************************** 11 Jul 2011 22:20:15 - eScan Antivirus und Spyware Werkzeugsatz. 11 Jul 2011 22:20:15 - Copyright © MicroWorld 11 Jul 2011 22:20:15 - 11 Jul 2011 22:20:15 - Support: support@escanav.com 11 Jul 2011 22:20:15 - Web: www.nexus-service.de 11 Jul 2011 22:20:15 - ********************************************************** 11 Jul 2011 22:20:15 - Version 12.0.156[IPC] (C:\PROGRAM FILES\ESCAN\MWAVSCAN.COM) 11 Jul 2011 22:20:15 - Logdatei: C:\Program Files\eScan\LOG\11070000.LOG 11 Jul 2011 22:20:15 - User Account: HighkoS (Administrator Mode) 11 Jul 2011 22:20:15 - Parent Process Name : C:\Program Files\eScan\escanpro.exe 11 Jul 2011 22:20:15 - Windows Root Folder: C:\Windows 11 Jul 2011 22:20:15 - Windows Sys32 Folder: C:\Windows\system32 11 Jul 2011 22:20:15 - OS: Windows Vista [OS Install Date: 04 Aug 2008 12:29:27] 11 Jul 2011 22:20:15 - Ver: Personal Service Pack 2 (Build 6002) 11 Jul 2011 22:20:15 - Vom Benutzer gewählte Optionen: 11 Jul 2011 22:20:15 - Speicherüberprüfung: Deaktiviert 11 Jul 2011 22:20:15 - Überprüfung der Registrierungsdatenbank: Deaktiviert 11 Jul 2011 22:20:15 - Überprüfung des Startordners: Deaktiviert 11 Jul 2011 22:20:15 - Überprüfung des Systemordners: Deaktiviert 11 Jul 2011 22:20:15 - Überprüfung der Dienste: Deaktiviert 11 Jul 2011 22:20:15 - Scannen Spyware: Deaktiviert 11 Jul 2011 22:20:15 - Überprüfung der Laufwerke: Deaktiviert 11 Jul 2011 22:20:15 - Überprüfung aller Laufwerke:Aktiviert 11 Jul 2011 22:20:15 - Überprüfung der Ordner: Deaktiviert 11 Jul 2011 22:20:15 - SCAN: All_Files 11 Jul 2011 22:20:15 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 11 Jul 2011 22:20:15 - ***** Alle Laufwerke werden gescannt ***** 11 Jul 2011 22:20:15 - Laufwerk C:\ wird gescannt ... 11 Jul 2011 22:30:32 - ********************************************************** 11 Jul 2011 22:30:32 - eScan Antivirus und Spyware Werkzeugsatz. 11 Jul 2011 22:30:32 - Copyright © MicroWorld 11 Jul 2011 22:30:32 - ********************************************************** 11 Jul 2011 22:30:32 - Version 12.0.156 (C:\PROGRAM FILES\ESCAN\MWAVSCAN.COM) 11 Jul 2011 22:30:32 - Logdatei: C:\Program Files\eScan\LOG\11070001.LOG 11 Jul 2011 22:30:32 - Datum und Uhrzeit des letzten Scannens: 11.07.2011 22:20:15 11 Jul 2011 22:30:32 - MWAV Registered: TRUE 11 Jul 2011 22:30:32 - User Account: HighkoS (Administrator Mode) 11 Jul 2011 22:30:32 - OS Type: Windows Workstation 11 Jul 2011 22:30:32 - OS: Windows Vista [OS Install Date: 04 Aug 2008 12:29:27] 11 Jul 2011 22:30:32 - Ver: Personal Service Pack 2 (Build 6002) 11 Jul 2011 22:30:32 - System Up Time: 2 Hours, 10 Minutes, 59 Seconds 11 Jul 2011 22:30:32 - Parent Process Name : C:\Program Files\eScan\escanpro.exe 11 Jul 2011 22:30:32 - Windows Root Folder: C:\Windows 11 Jul 2011 22:30:32 - Windows Sys32 Folder: C:\Windows\system32 11 Jul 2011 22:30:32 - DHCP NameServer: 192.168.0.1 11 Jul 2011 22:30:32 - Interface0 DHCPNameServer: 192.168.0.1 11 Jul 2011 22:30:32 - Local Fixed Drives: c:\ 11 Jul 2011 22:30:32 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 11 Jul 2011 22:30:32 - Optionen für Kommandozeile angegeben: /pipe=4408escan /Log=C:\PROGRA~1\eScan\Log\11070001.log /SC /LOGINFECT /MAXFILESIZE=5 /DRIVE /S 11 Jul 2011 22:30:33 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\PROGRA~1\ESCAN\LOG\ESCANDB.LOG] 11 Jul 2011 22:30:33 - Loaded/Created FileScan Database... 11 Jul 2011 22:30:33 - Loading AV Library [DB]... 11 Jul 2011 22:30:36 - AV Library Loaded [IPC]. 11 Jul 2011 22:30:36 - ********************************************************** 11 Jul 2011 22:30:36 - eScan Antivirus und Spyware Werkzeugsatz. 11 Jul 2011 22:30:36 - Copyright © MicroWorld 11 Jul 2011 22:30:36 - 11 Jul 2011 22:30:36 - Support: support@escanav.com 11 Jul 2011 22:30:36 - Web: www.nexus-service.de 11 Jul 2011 22:30:36 - ********************************************************** 11 Jul 2011 22:30:36 - Version 12.0.156[IPC] (C:\PROGRAM FILES\ESCAN\MWAVSCAN.COM) 11 Jul 2011 22:30:36 - Logdatei: C:\Program Files\eScan\LOG\11070001.LOG 11 Jul 2011 22:30:36 - User Account: HighkoS (Administrator Mode) 11 Jul 2011 22:30:36 - Parent Process Name : C:\Program Files\eScan\escanpro.exe 11 Jul 2011 22:30:36 - Windows Root Folder: C:\Windows 11 Jul 2011 22:30:36 - Windows Sys32 Folder: C:\Windows\system32 11 Jul 2011 22:30:36 - OS: Windows Vista [OS Install Date: 04 Aug 2008 12:29:27] 11 Jul 2011 22:30:36 - Ver: Personal Service Pack 2 (Build 6002) 11 Jul 2011 22:30:36 - Vom Benutzer gewählte Optionen: 11 Jul 2011 22:30:36 - Speicherüberprüfung: Deaktiviert 11 Jul 2011 22:30:36 - Überprüfung der Registrierungsdatenbank: Deaktiviert 11 Jul 2011 22:30:36 - Überprüfung des Startordners: Deaktiviert 11 Jul 2011 22:30:36 - Überprüfung des Systemordners: Deaktiviert 11 Jul 2011 22:30:36 - Überprüfung der Dienste: Deaktiviert 11 Jul 2011 22:30:36 - Scannen Spyware: Deaktiviert 11 Jul 2011 22:30:36 - Überprüfung der Laufwerke: Deaktiviert 11 Jul 2011 22:30:36 - Überprüfung aller Laufwerke:Aktiviert 11 Jul 2011 22:30:36 - Überprüfung der Ordner: Deaktiviert 11 Jul 2011 22:30:36 - SCAN: All_Files 11 Jul 2011 22:30:36 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 11 Jul 2011 22:30:36 - ***** Alle Laufwerke werden gescannt ***** 11 Jul 2011 22:30:36 - Laufwerk C:\ wird gescannt ... 11 Jul 2011 22:52:23 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 22:52:23 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{04e9d16c-984b-11e0-9476-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{04e9d16c-984b-11e0-9476-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{0ec98332-9b65-11e0-8ec4-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{0ec98332-9b65-11e0-8ec4-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{1124b893-a418-11e0-a06b-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{1124b893-a418-11e0-a06b-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{373ffa5e-a92e-11e0-90bb-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{373ffa5e-a92e-11e0-90bb-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{5ef6b451-9f2f-11e0-9060-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{5ef6b451-9f2f-11e0-9060-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{72ef334d-98f9-11e0-9790-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{72ef334d-98f9-11e0-9790-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{72ef3351-98f9-11e0-9790-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{72ef3351-98f9-11e0-9790-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{92caf4de-a184-11e0-99b2-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{92caf4de-a184-11e0-99b2-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{b50af005-a6ca-11e0-8503-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{b50af005-a6ca-11e0-8503-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{c2e05644-a8cb-11e0-a10c-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{c2e05644-a8cb-11e0-a10c-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{cfed7a53-a2f6-11e0-ba64-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{cfed7a53-a2f6-11e0-ba64-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{d62c198d-9bfd-11e0-b980-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{d62c198d-9bfd-11e0-b980-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{e79419ec-a993-11e0-b25e-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{e79419ec-a993-11e0-b25e-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{eb97bcd3-a70a-11e0-adb0-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{eb97bcd3-a70a-11e0-adb0-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:54:27 - Datei C:\System Volume Information\{fc998043-9f0d-11e0-a076-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} wird gescannt 11 Jul 2011 22:54:27 - ERROR(3)!!! ScanFile fails for C:\System Volume Information\{fc998043-9f0d-11e0-a076-001a80b74f30}{3808876b-c176-4e48-b7ae-04046e6cc752} 11 Jul 2011 22:55:43 - C:\Users\HighkoS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PTRULLID\anlage.PDF konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:04:30 - C:\Users\HighkoS\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:17:28 - C:\Users\HighkoS\Desktop\sammelsurium\abrechnungoktober.pdf konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:17:43 - Datei C:\Users\HighkoS\Favorites\Börsenspiel · Portfolio Rene Preuss iNFORMUNiTY.url wird gescannt 11 Jul 2011 23:17:43 - ERROR(3)!!! ScanFile fails for C:\Users\HighkoS\Favorites\Börsenspiel · Portfolio Rene Preuss iNFORMUNiTY.url 11 Jul 2011 23:23:08 - C:\Users\HighkoS\ntuser.dat.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:38:42 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:38:42 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:38:43 - C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:38:44 - C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:14 - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:14 - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:44 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:44 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:51 - C:\Windows\System32\config\components konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:51 - C:\Windows\System32\config\COMPONENTS.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:51 - C:\Windows\System32\config\default konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\DEFAULT.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\RegBack\COMPONENTS konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\RegBack\DEFAULT konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\RegBack\SAM konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\RegBack\SECURITY konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\RegBack\SOFTWARE konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\RegBack\SYSTEM konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\sam konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\SAM.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\security konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\SECURITY.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\software konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\SOFTWARE.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\system konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:40:52 - C:\Windows\System32\config\SYSTEM.LOG1 konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 11 Jul 2011 23:45:10 - C:\Windows\System32\ivireg.ivr konnte nicht gescannt werden, da sie möglicherweise durch Passwort geschützt ist... 12 Jul 2011 00:23:08 - ***** Scannen abgeschlossen ***** 12 Jul 2011 00:23:08 - Zahl der gescannten Objekte: 186648 12 Jul 2011 00:23:08 - Zahl der kritischen Objekte: 0 12 Jul 2011 00:23:08 - Zahl der desinfizierten Objekte: 0 12 Jul 2011 00:23:08 - Zahl der umbenannten Objekte: 0 12 Jul 2011 00:23:08 - Zahl der gelöschten Objekte: 0 12 Jul 2011 00:23:08 - Gesamtzahl der Fehler: 0 12 Jul 2011 00:23:08 - Zeit verstrichen: 01:50:58 12 Jul 2011 00:23:08 - Scannen abgeschlossen. 12 Jul 2011 00:23:08 - Uninitializing Scanner (3)... 12 Jul 2011 00:23:08 - Freeing Libraries (3)... 12 Jul 2011 00:23:09 - AV Library Unloaded (3)... ich kann aktuell mit dem pc alles machen. es nerven nur die popups mit der zugriffwarnung die ich dann ablehne, sowie die schleppende geschwindigkeit. warum bekomme ich bei dem oldtimer link die meldung, dass die seite nicht angezeigt werden kann? |
|
14.07.2011, 10:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://a389.cp.akamai.net/ popt immer auf. Hier ein alternativer Link zu OTL => File-Upload.net - OTL.exe eScan bitte deinstallieren
__________________ --> http://a389.cp.akamai.net/ popt immer auf. |
|
14.07.2011, 20:36
| #7 |
| | http://a389.cp.akamai.net/ popt immer auf. hier nun der OTL log escan ist gelöscht! kannst du mir ein vernünftiges kostenloses antivirenprogram als alternative zu escan empfehlen? OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.07.2011 21:26:37 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\HighkoS\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,23% Memory free 4,22 Gb Paging File | 3,01 Gb Available in Paging File | 71,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,67 Gb Total Space | 21,59 Gb Free Space | 15,24% Space Free | Partition Type: NTFS Computer Name: HIGHKOS-PC | User Name: HighkoS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2011.07.14 21:24:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe PRC - [2011.06.28 19:21:43 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011.06.18 08:01:31 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe PRC - [2011.06.17 18:34:47 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.29 13:19:39 | 000,384,520 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Programme\Common Files\MicroWorld\Agent\mwaser.exe PRC - [2011.04.29 13:19:34 | 000,570,888 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Programme\Common Files\MicroWorld\Agent\MWAGENT.EXE PRC - [2009.10.11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.16 12:49:26 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2007.06.10 02:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2007.06.10 02:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe PRC - [2007.06.10 02:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (SafeList) ========== MOD - [2011.07.14 21:24:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Running] -- -- (EconService) SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.29 13:19:39 | 000,384,520 | ---- | M] (MicroWorld Technologies Inc.) [Auto | Running] -- C:\Programme\Common Files\MicroWorld\Agent\mwaser.exe -- (MWAgent) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 12:49:26 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2007.09.28 22:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2007.06.20 16:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 16:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2007.01.10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Running] -- -- (ProcObsrves) DRV - File not found [Kernel | Disabled | Stop_Pending] -- -- (ProcObsrv) DRV - File not found [Kernel | Disabled | Running] -- -- (econcealMP) DRV - File not found [File_System | Disabled | Running] -- -- (bdfsfltr) DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2008.08.18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.09.20 02:17:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.09.19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.08.29 03:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.06.10 02:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.02.13 20:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15003&l=dis" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.27 10:33:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.15 17:41:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 11:05:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.27 10:33:01 | 000,000,000 | ---D | M] [2010.01.20 21:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HighkoS\AppData\Roaming\mozilla\Extensions [2011.05.14 21:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HighkoS\AppData\Roaming\mozilla\Firefox\Profiles\7hn1gz9i.default\extensions [2010.01.24 11:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HighkoS\AppData\Roaming\mozilla\Firefox\Profiles\7hn1gz9i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.19 09:37:48 | 000,002,384 | ---- | M] () -- C:\Users\HighkoS\AppData\Roaming\Mozilla\Firefox\Profiles\7hn1gz9i.default\searchplugins\askcom.xml [2010.01.20 21:08:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.27 10:33:01 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2010.01.20 21:08:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225827096 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} hxxp://download.pplive.com/config/pplite/pluginsetup.cab (PPLive Lite Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\HighkoS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\HighkoS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{697b0306-e366-11de-92bb-001a80b74f30}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Play.exe O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.14 21:24:57 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe [2011.07.13 19:26:14 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.07.13 19:26:08 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.07.13 19:26:08 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.07.13 17:54:39 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.07.13 17:54:39 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.07.13 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\HighkoS\AppData\Roaming\Malwarebytes [2011.07.13 09:52:10 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.13 09:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.13 09:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.13 09:52:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.13 09:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.12 08:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2011.07.12 08:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011.06.18 08:01:31 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.06.18 08:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.06.17 18:34:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.06.17 18:34:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.17 18:34:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.17 18:34:47 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.06.17 18:34:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.17 18:34:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.06.17 18:34:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.06.17 18:34:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.06.17 18:34:46 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.06.17 18:34:46 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.17 18:34:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.17 18:34:46 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.06.17 18:34:46 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.17 18:34:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.06.17 18:34:46 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.06.17 18:34:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.17 18:34:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.17 18:34:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.17 18:34:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.17 18:34:45 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.17 18:34:45 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.06.17 18:34:45 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.06.17 18:34:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.06.17 18:34:45 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.06.17 18:34:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.17 18:34:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.17 18:34:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.06.17 18:34:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.06.17 18:34:44 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.17 18:34:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.06.17 18:34:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.17 18:34:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.06.17 18:34:44 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.06.17 18:34:44 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.06.17 18:34:43 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.06.17 18:34:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.17 18:34:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.06.17 18:34:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.17 18:34:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.16 20:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.06.16 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.14 21:29:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.14 21:24:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe [2011.07.14 20:12:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.07.14 20:12:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.14 20:12:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 20:12:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.14 20:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.14 20:12:19 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2011.07.14 09:36:15 | 000,412,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.13 17:20:31 | 000,332,721 | ---- | M] () -- C:\Users\HighkoS\Documents\pinfect.zip [2011.07.13 09:52:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.11 22:30:01 | 000,000,104 | ---- | M] () -- C:\Users\HighkoS\Desktop\Papierkorb - Verknüpfung.lnk [2011.07.05 23:16:27 | 000,186,888 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwnsp.dll [2011.07.05 23:16:26 | 000,588,296 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwtsp.dll [2011.06.23 19:46:17 | 000,002,631 | ---- | M] () -- C:\Users\HighkoS\Desktop\Microsoft Office Word 2007.lnk [2011.06.19 00:04:10 | 000,965,128 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\test2.exe [2011.06.18 08:01:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.06.17 18:35:01 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.06.17 18:35:01 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.06.17 18:34:48 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.06.17 18:34:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.17 18:34:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.17 18:34:47 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.06.17 18:34:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.17 18:34:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.06.17 18:34:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.06.17 18:34:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.06.17 18:34:46 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.06.17 18:34:46 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.17 18:34:46 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.17 18:34:46 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.06.17 18:34:46 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.17 18:34:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.06.17 18:34:46 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.06.17 18:34:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.17 18:34:46 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.17 18:34:46 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.06.17 18:34:46 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.17 18:34:45 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.17 18:34:45 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.17 18:34:45 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.06.17 18:34:45 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.06.17 18:34:45 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.06.17 18:34:45 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.06.17 18:34:45 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.17 18:34:44 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.17 18:34:44 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.06.17 18:34:44 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.06.17 18:34:44 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.17 18:34:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.06.17 18:34:44 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.17 18:34:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.06.17 18:34:44 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.06.17 18:34:44 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.06.17 18:34:43 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.06.17 18:34:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.17 18:34:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.06.17 18:34:43 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.17 18:34:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.16 20:53:39 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.13 17:20:31 | 000,332,721 | ---- | C] () -- C:\Users\HighkoS\Documents\pinfect.zip [2011.07.13 09:52:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.11 22:30:01 | 000,000,104 | ---- | C] () -- C:\Users\HighkoS\Desktop\Papierkorb - Verknüpfung.lnk [2011.06.17 18:34:46 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.06.16 20:53:39 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.03 12:55:07 | 000,338,176 | ---- | C] () -- C:\Windows\System32\wget.exe [2010.11.03 12:55:07 | 000,293,896 | ---- | C] () -- C:\Windows\System32\curl.exe [2010.11.03 12:55:07 | 000,172,040 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.11.03 12:54:56 | 000,000,704 | ---- | C] () -- C:\Windows\Win.Bak.Ini [2010.05.27 10:32:21 | 000,023,688 | ---- | C] () -- C:\Windows\hpqins15.dat [2009.12.14 18:12:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.30 10:56:47 | 000,176,817 | ---- | C] () -- C:\Windows\hphins33.dat [2009.10.21 09:00:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.21 09:00:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.22 11:32:14 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat [2009.01.22 07:09:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.04 19:10:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.08.05 17:01:59 | 000,000,148 | ---- | C] () -- C:\Windows\wininit.ini [2008.08.05 16:59:50 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini [2008.08.04 12:41:05 | 000,054,272 | ---- | C] () -- C:\Users\HighkoS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.04 12:41:05 | 000,001,356 | ---- | C] () -- C:\Users\HighkoS\AppData\Local\d3d9caps.dat [2007.11.17 06:02:39 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.11.17 05:43:20 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2007.11.07 23:22:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.11.07 23:22:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.11.07 23:22:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll [2007.11.07 14:34:17 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2006.11.02 17:33:31 | 001,497,168 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,408,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,412,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,861,530 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,358,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report > |
|
15.07.2011, 09:58
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://a389.cp.akamai.net/ popt immer auf. Du solltest einen CustomScan mit OTL machen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.07.2011, 16:28
| #9 |
| | http://a389.cp.akamai.net/ popt immer auf. sorry, aber was ist ein CustomScan? was habe ich dann mit OTL gemacht? |
|
15.07.2011, 22:02
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://a389.cp.akamai.net/ popt immer auf. Ich hab doch oben alles genau mit einer Anleitung beschrieben!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.07.2011, 19:09
| #11 |
| | http://a389.cp.akamai.net/ popt immer auf. OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.07.2011 19:52:23 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\HighkoS\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,17% Memory free 4,21 Gb Paging File | 3,44 Gb Available in Paging File | 81,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,67 Gb Total Space | 22,68 Gb Free Space | 16,01% Space Free | Partition Type: NTFS Computer Name: HIGHKOS-PC | User Name: HighkoS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.14 21:24:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.29 13:19:39 | 000,384,520 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Programme\Common Files\MicroWorld\Agent\mwaser.exe PRC - [2011.04.29 13:19:34 | 000,570,888 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Programme\Common Files\MicroWorld\Agent\MWAGENT.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.16 12:49:26 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe PRC - [2007.06.10 02:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe PRC - [2007.06.10 02:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe PRC - [2007.06.10 02:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (SafeList) ========== MOD - [2011.07.14 21:24:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.29 13:19:39 | 000,384,520 | ---- | M] (MicroWorld Technologies Inc.) [Auto | Running] -- C:\Programme\Common Files\MicroWorld\Agent\mwaser.exe -- (MWAgent) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 12:49:26 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2007.09.28 22:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2007.06.20 16:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2007.06.20 16:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) SRV - [2007.06.20 16:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) SRV - [2007.06.20 16:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2007.01.10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer) SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.12.14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) ========== Driver Services (SafeList) ========== DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2008.08.18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.09.20 02:17:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.09.19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.08.29 03:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.06.10 02:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2007.02.13 20:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15003&l=dis" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.27 10:33:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.15 17:41:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 11:05:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.27 10:33:01 | 000,000,000 | ---D | M] [2010.01.20 21:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HighkoS\AppData\Roaming\mozilla\Extensions [2011.05.14 21:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HighkoS\AppData\Roaming\mozilla\Firefox\Profiles\7hn1gz9i.default\extensions [2010.01.24 11:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HighkoS\AppData\Roaming\mozilla\Firefox\Profiles\7hn1gz9i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.19 09:37:48 | 000,002,384 | ---- | M] () -- C:\Users\HighkoS\AppData\Roaming\Mozilla\Firefox\Profiles\7hn1gz9i.default\searchplugins\askcom.xml [2010.01.20 21:08:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.27 10:33:01 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2010.01.20 21:08:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225827096 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} hxxp://download.pplive.com/config/pplite/pluginsetup.cab (PPLive Lite Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\HighkoS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\HighkoS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{697b0306-e366-11de-92bb-001a80b74f30}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Play.exe O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: dosxdate - hkey= - key= - File not found MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: PPAP - hkey= - key= - C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.dvsd - C:\Programme\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.14 21:24:57 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe [2011.07.13 17:54:39 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.07.13 17:54:39 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.07.13 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\HighkoS\AppData\Roaming\Malwarebytes [2011.07.13 09:52:10 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.13 09:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.13 09:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.13 09:52:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.13 09:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.12 08:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2011.07.12 08:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011.06.18 08:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.17 19:42:48 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.17 19:42:47 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.07.17 19:42:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.17 19:42:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.17 19:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.17 19:42:33 | 2135,363,584 | -HS- | M] () -- C:\hiberfil.sys [2011.07.17 11:29:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.14 21:24:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\HighkoS\Desktop\OTL.exe [2011.07.14 09:36:15 | 000,412,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.13 17:20:31 | 000,332,721 | ---- | M] () -- C:\Users\HighkoS\Documents\pinfect.zip [2011.07.13 09:52:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.11 22:30:01 | 000,000,104 | ---- | M] () -- C:\Users\HighkoS\Desktop\Papierkorb - Verknüpfung.lnk [2011.07.05 23:16:27 | 000,186,888 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwnsp.dll [2011.07.05 23:16:26 | 000,588,296 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwtsp.dll [2011.06.23 19:46:17 | 000,002,631 | ---- | M] () -- C:\Users\HighkoS\Desktop\Microsoft Office Word 2007.lnk [2011.06.19 00:04:10 | 000,965,128 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\test2.exe [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.13 17:20:31 | 000,332,721 | ---- | C] () -- C:\Users\HighkoS\Documents\pinfect.zip [2011.07.13 09:52:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.11 22:30:01 | 000,000,104 | ---- | C] () -- C:\Users\HighkoS\Desktop\Papierkorb - Verknüpfung.lnk [2010.11.03 12:55:07 | 000,338,176 | ---- | C] () -- C:\Windows\System32\wget.exe [2010.11.03 12:55:07 | 000,293,896 | ---- | C] () -- C:\Windows\System32\curl.exe [2010.11.03 12:55:07 | 000,172,040 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.11.03 12:54:56 | 000,000,704 | ---- | C] () -- C:\Windows\Win.Bak.Ini [2010.05.27 10:32:21 | 000,023,688 | ---- | C] () -- C:\Windows\hpqins15.dat [2009.12.14 18:12:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.30 10:56:47 | 000,176,817 | ---- | C] () -- C:\Windows\hphins33.dat [2009.10.21 09:00:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.21 09:00:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.22 11:32:14 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat [2009.01.22 07:09:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.04 19:10:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.08.05 17:01:59 | 000,000,148 | ---- | C] () -- C:\Windows\wininit.ini [2008.08.05 16:59:50 | 000,000,100 | ---- | C] () -- C:\Windows\Kit.ini [2008.08.04 12:41:05 | 000,054,272 | ---- | C] () -- C:\Users\HighkoS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.04 12:41:05 | 000,001,356 | ---- | C] () -- C:\Users\HighkoS\AppData\Local\d3d9caps.dat [2007.11.17 06:02:39 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.11.17 05:43:20 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2007.11.07 23:22:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.11.07 23:22:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.11.07 23:22:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll [2007.11.07 14:34:17 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2006.11.02 17:33:31 | 001,497,168 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,408,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,412,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,861,530 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,358,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.10.28 13:41:57 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\fotobuch.de AG [2010.12.03 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\InterVideo [2011.03.08 23:25:19 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\LEGO Company [2010.11.03 12:58:42 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\MicroWorld [2010.10.22 21:57:58 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\PPlive [2009.10.28 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\temp [2011.07.17 17:08:22 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.01.29 17:12:51 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Adobe [2011.05.01 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Apple Computer [2010.04.18 20:25:12 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\DivX [2009.10.28 13:41:57 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\fotobuch.de AG [2011.04.27 11:37:25 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Google [2009.10.30 11:15:59 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\HP [2007.11.07 14:32:27 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Identities [2007.11.17 05:42:55 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\InstallShield [2010.12.03 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\InterVideo [2011.03.08 23:25:19 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\LEGO Company [2007.11.07 17:10:20 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Macromedia [2011.07.13 09:52:24 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Media Center Programs [2011.02.15 13:27:18 | 000,000,000 | --SD | M] -- C:\Users\HighkoS\AppData\Roaming\Microsoft [2010.11.03 12:58:42 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\MicroWorld [2010.01.20 21:01:52 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Mozilla [2010.10.22 21:57:58 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\PPlive [2009.11.08 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Roxio [2008.11.01 10:09:36 | 000,000,000 | RH-D | M] -- C:\Users\HighkoS\AppData\Roaming\SecuROM [2008.10.09 21:49:11 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Skype [2008.10.01 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Sony Corporation [2009.10.28 11:49:23 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\temp [2009.10.30 11:08:42 | 000,000,000 | ---D | M] -- C:\Users\HighkoS\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2010.01.29 17:12:11 | 000,038,784 | ---- | M] () -- C:\Users\HighkoS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2009.09.23 08:07:05 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\HighkoS\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2010.10.22 21:57:58 | 003,724,160 | ---- | M] () -- C:\Users\HighkoS\AppData\Roaming\PPlive\PPLite\Update\PPLite_Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.09.26 20:36:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.09.26 20:36:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.09.26 20:36:37 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\SATA Driver (Intel) (Non-RAID) 7.0A - 7.0.0.1020\iastor.sys [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.07 15:00:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.11.07 15:00:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2007.11.07 23:23:17 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.11.07 23:23:15 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.11.07 23:23:17 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.11.07 23:23:28 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.11.07 23:23:30 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < Schliesse bitte nun alle Programme > < End of report > |
|
17.07.2011, 19:12
| #12 |
| | http://a389.cp.akamai.net/ popt immer auf. wollte nochmal nach einem guten antivirenprogtam fragen... ;-) |
|
17.07.2011, 19:26
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://a389.cp.akamai.net/ popt immer auf. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{697b0306-e366-11de-92bb-001a80b74f30}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Play.exe
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.07.2011, 08:39
| #14 |
| | http://a389.cp.akamai.net/ popt immer auf. ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{697b0306-e366-11de-92bb-001a80b74f30}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{697b0306-e366-11de-92bb-001a80b74f30}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Play.exe not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.26.1 log created on 07182011_093712 |
|
18.07.2011, 10:14
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://a389.cp.akamai.net/ popt immer auf. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu http://a389.cp.akamai.net/ popt immer auf. |
| compu, computer, durchführen, escan, facebook, fehler, hamburg, meldung, möglichkeit, rechner, sobald |
Textbox.
.
