| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei Trojaner OTL LogWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.08.2011, 19:58
| #1 |
 |  Bundespolizei Trojaner OTL Log Hi, ich bräuchte mal eine weiterführende Info, was jetzt zu tun ist: Hier die Logs: OTL-Log: Code:
ATTFilter OTL logfile created on: 14.08.2011 20:08:37 - Run 3 OTL by OldTimer - Version 3.2.26.2 Folder = C:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,50 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 83,32% Memory free 2,86 Gb Paging File | 2,79 Gb Available in Paging File | 97,75% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,59 Gb Total Space | 1,47 Gb Free Space | 2,50% Space Free | Partition Type: NTFS Drive D: | 53,22 Gb Total Space | 0,40 Gb Free Space | 0,75% Space Free | Partition Type: NTFS Drive E: | 0,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WITT | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\lsasrv.dll (Microsoft Corporation) MOD - C:\Programme\7-Zip\7-zip.dll (Igor Pavlov) MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\BitZipper\BZSHLEXT.DLL (Bitberry Software) MOD - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) MOD - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll (STLport Consulting, Inc.) MOD - C:\Programme\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - C:\WINDOWS\system32\wbem\fastprox.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wmiprvsd.dll (Microsoft Corporation) MOD - C:\WINDOWS\explorer.exe (Microsoft Corporation) MOD - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemcore.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemess.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemcomn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\winscard.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wmiutils.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\samsrv.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\scesrv.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\scecli.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\repdrvfs.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\regapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\profmap.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\powrprof.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netlogon.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\ncprov.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ncobjapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\nddeapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\esent.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\esscli.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\eventlog.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\cryptdll.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\certcli.dll (Microsoft Corporation) MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation) MOD - C:\WINDOWS\AppPatch\acadproc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\shdoclc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\browselc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msprivs.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\PortableDeviceApi.dll (Microsoft Corporation) MOD - C:\Programme\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (WTService) -- C:\WINDOWS\System32\atwtusb.exe () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (vhidmini) -- C:\WINDOWS\system32\drivers\walvhid.sys (Windows (R) Win 7 DDK provider) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.) DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (moufiltr) -- C:\WINDOWS\system32\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (smp_lpt) -- C:\WINDOWS\system32\drivers\smp_LPT.sys (Ross Garner) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys (Macrovision Europe Ltd) DRV - (713xTVCard) -- C:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.02.12 16:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.02.12 16:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.24 22:38:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.29 13:32:48 | 000,000,000 | ---D | M] [2009.04.25 09:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2009.04.25 09:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\72dhfid3.default\extensions [2011.05.16 11:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.13 15:33:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.09.13 23:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.07.26 01:58:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.27 19:32:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.06.24 22:38:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2009.08.09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll [2009.08.09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll [2011.03.25 21:27:03 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.25 21:27:03 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.03.25 21:27:03 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.03.25 21:27:03 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.25 21:27:03 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.25 21:27:03 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, Inc. and H.C. Top Systems B.V.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-507921405-117609710-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240673407625 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\jashla.exe) - C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\jashla.exe (Sacramento Fullerton Burma VerdiKaddish Kelly O'Sullivan AmeradaGoodwin NubiaBeebeDelphi Ottawa Garvey Cambridge Jeremiah ) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.24 21:06:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.14 20:08:12 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2011.08.14 19:11:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien [2011.08.14 19:05:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache [2011.08.10 19:10:23 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2011.08.10 19:09:53 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2011.08.10 19:08:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011.07.19 22:54:35 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2011.07.19 22:49:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information [2011.07.19 22:49:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CanoScan LiDE 110 [2011.07.19 22:49:31 | 001,335,296 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQ2414C.dll [2011.07.19 22:49:31 | 000,438,272 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQ2414L.dll [2011.07.19 22:49:31 | 000,114,688 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQ2414I.dll [2011.07.19 22:49:31 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNQ2414U.dll [2011.07.19 22:49:31 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll [2009.12.15 03:26:49 | 000,120,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll [2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.14 19:56:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.14 19:55:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.14 19:14:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2011.08.14 18:20:51 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.08.14 18:20:41 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.08.14 12:12:06 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.13 11:01:26 | 000,093,635 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.08.13 11:01:26 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2011.08.11 01:51:28 | 000,449,072 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.08.11 01:51:28 | 000,432,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.08.11 01:51:28 | 000,080,636 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.08.11 01:51:28 | 000,067,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.11 01:48:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.08.10 19:08:23 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011.07.25 17:09:56 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2011.07.20 11:14:45 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2011.07.20 10:51:46 | 000,166,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.10 19:08:23 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011.07.20 01:41:19 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011.07.19 22:49:31 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ2414N.DAT [2011.06.08 15:12:50 | 000,010,525 | ---- | C] () -- C:\WINDOWS\System32\Default_3.ini [2011.06.08 15:12:50 | 000,010,283 | ---- | C] () -- C:\WINDOWS\System32\Default_2.ini [2011.06.08 15:12:50 | 000,009,917 | ---- | C] () -- C:\WINDOWS\System32\Default_1.ini [2011.06.08 15:12:50 | 000,000,738 | ---- | C] () -- C:\WINDOWS\System32\MKProfile.ini [2011.06.08 15:12:47 | 000,870,120 | ---- | C] () -- C:\WINDOWS\System32\atwtusb.exe [2011.06.08 15:12:46 | 007,134,952 | ---- | C] () -- C:\WINDOWS\System32\WTMKM.exe [2011.06.08 15:12:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe [2011.06.08 15:12:38 | 003,683,560 | ---- | C] () -- C:\WINDOWS\System32\Control Panel_Betteryless.exe [2011.06.08 15:12:36 | 000,148,200 | ---- | C] () -- C:\WINDOWS\System32\Calibration.exe [2011.06.08 15:12:33 | 000,835,072 | ---- | C] () -- C:\WINDOWS\RmTablet.exe [2011.06.08 15:12:32 | 000,010,708 | ---- | C] () -- C:\WINDOWS\System32\aiptbl.ini [2011.02.22 19:15:13 | 000,029,032 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.02.07 07:44:50 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011.02.07 07:44:50 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\83EB2057E6.sys [2010.12.18 14:39:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.10.22 16:10:43 | 000,003,386 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.06.26 22:10:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.06.26 22:10:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.02.11 15:14:21 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2009.12.08 03:40:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.11.11 22:09:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2009.10.29 11:14:11 | 000,004,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe [2009.10.29 00:10:30 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.08.29 17:37:14 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2009.08.14 19:24:40 | 000,000,432 | ---- | C] () -- C:\WINDOWS\System32\mfsv.bin [2009.08.10 16:46:40 | 005,433,520 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2009.05.08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009.04.30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009.04.25 16:07:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.04.25 08:34:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2009.04.25 01:51:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.04.25 01:50:57 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.04.25 00:40:50 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009.04.25 00:40:28 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009.04.25 00:40:24 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2009.04.25 00:19:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.04.25 00:19:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2009.04.25 00:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.04.24 21:08:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.04.24 21:03:47 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SearchRequire.dll [2009.03.27 10:03:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.03.27 10:03:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009.03.27 10:03:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.03.27 10:03:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2009.03.27 10:03:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.03.27 10:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.03.27 10:03:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009.03.27 10:03:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2009.03.27 10:03:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2008.08.29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008.08.29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 14:00:00 | 000,449,072 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 14:00:00 | 000,432,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 14:00:00 | 000,080,636 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 14:00:00 | 000,067,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2011.07.19 22:54:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2010.06.26 22:26:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.12.15 03:38:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMP7 [2011.06.08 15:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tablet [2010.06.11 01:12:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.08.07 18:08:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.09.22 22:13:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011.04.05 18:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2010.08.07 17:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.04.25 01:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010.08.07 15:09:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.05.29 23:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\111 Pix Ltd [2009.11.14 19:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Academic Software Zurich [2009.08.03 18:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Audacity [2011.04.05 18:51:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\BitZipper [2011.07.19 22:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Canon [2011.02.12 16:41:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\DDMSettings [2011.04.05 18:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\GetRightToGo [2011.07.19 23:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\gtk-2.0 [2010.11.02 01:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\InfraRecorder [2010.11.18 17:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Lost Marble [2009.04.26 16:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\MSNInstaller [2009.04.25 07:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\OpenOffice.org [2010.06.26 22:25:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\PC Suite [2010.08.22 19:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\runic games [2010.06.26 22:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Samsung [2010.08.07 15:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\TuneUp Software [2011.07.04 16:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\uTorrent [2009.08.19 15:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\wxMozBrowserLib ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34 < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.08.2011 20:08:37 - Run 3
OTL by OldTimer - Version 3.2.26.2 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 83,32% Memory free
2,86 Gb Paging File | 2,79 Gb Available in Paging File | 97,75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 58,59 Gb Total Space | 1,47 Gb Free Space | 2,50% Space Free | Partition Type: NTFS
Drive D: | 53,22 Gb Total Space | 0,40 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive E: | 0,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: WITT | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-507921405-117609710-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Logitech\Logitech Vid\Vid.exe" = C:\Programme\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro Trial
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitZipper_is1" = BitZipper 2010
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Der große Grammatiktrainer Englisch" = Der große Grammatiktrainer Englisch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"FilmOn HDi Player" = FilmOn HDi Player
"Fireplace by PES" = Fireplace by PES Screen Saver
"FormatFactory" = FormatFactory 2.60
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"RmTablet" = Tablet Driver With Macrokey Manager
"Samsung ML-1610 Series" = Samsung ML-1610 Series
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SystemRequirementsLab" = System Requirements Lab
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"YDKJG" = YOU DON'T KNOW JACK®
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.07.2011 17:12:37 | Computer Name = WITT | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 11.08.2011 18:32:44 | Computer Name = WITT | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 5.0.0.4183, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 14.08.2011 13:57:50 | Computer Name = WITT | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.08.2011 13:57:56 | Computer Name = WITT | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.08.2011 13:58:03 | Computer Name = WITT | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.08.2011 13:58:10 | Computer Name = WITT | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.08.2011 13:58:18 | Computer Name = WITT | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.08.2011 13:58:25 | Computer Name = WITT | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.08.2011 13:58:32 | Computer Name = WITT | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.08.2011 14:01:55 | Computer Name = WITT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 14.08.2011 14:07:53 | Computer Name = WITT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 14.08.2011 14:08:00 | Computer Name = WITT | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
|
|
16.08.2011, 11:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei Trojaner OTL Log Wieso kein OTLPE? Lässt der Rechner sich noch bedienen im abgesicherten Modus=
__________________
__________________ |
|
16.08.2011, 15:30
| #3 | |
| | Bundespolizei Trojaner OTL LogZitat:
|
|
16.08.2011, 18:19
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner OTL Log Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom im normalen Windows-Modus (kein OTLPE!) CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.08.2011, 18:39
| #5 |
| | Bundespolizei Trojaner OTL Log Hier das Log von Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7035
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
19.08.2011 17:15:27
mbam-log-2011-08-19 (17-15-27).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 271582
Laufzeit: 29 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\jashla.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\Blub\anwendungsdaten\jashla.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Hab dann auch den gewünschten Scan mit OTL gemacht, das hier das Log davon: OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.08.2011 19:27:41 - Run 4 OTL by OldTimer - Version 3.2.26.2 Folder = C:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,50 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 65,88% Memory free 3,35 Gb Paging File | 2,93 Gb Available in Paging File | 87,46% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 58,59 Gb Total Space | 0,88 Gb Free Space | 1,50% Space Free | Partition Type: NTFS Drive D: | 53,22 Gb Total Space | 0,40 Gb Free Space | 0,75% Space Free | Partition Type: NTFS Computer Name: WITT | User Name: Blub | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\system32\atwtusb.exe () PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe () PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe () PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Modules (SafeList) ========== MOD - C:\Programme\Avira\AntiVir Desktop\aeheur.dll (Avira GmbH) MOD - C:\OTL.exe (OldTimer Tools) MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Avira\AntiVir Desktop\aescript.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\aerdl.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\aepack.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\aehelp.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\aegen.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\aecore.dll (Avira GmbH) MOD - C:\Programme\Malwarebytes' Anti-Malware\mbamnet.dll (Malwarebytes Corporation) MOD - C:\Programme\Malwarebytes' Anti-Malware\mbam.dll (Malwarebytes Corporation) MOD - C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) MOD - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) MOD - C:\Programme\Avira\AntiVir Desktop\aesbx.dll (Avira GmbH) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mfc42u.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\atwtusb.exe () MOD - C:\WINDOWS\system32\lsasrv.dll (Microsoft Corporation) MOD - C:\Programme\Avira\AntiVir Desktop\unacev2.dll (ACE Compression Software) MOD - C:\Programme\Avira\AntiVir Desktop\aescn.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\aeemu.dll (Avira GmbH) MOD - C:\Programme\7-Zip\7-zip.dll (Igor Pavlov) MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll (Microsoft Corporation) MOD - C:\Programme\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.dll (Apple Inc.) MOD - C:\Programme\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.dll (Apple Inc.) MOD - C:\Programme\iTunes\iTunesHelper.Resources\iTunesHelper.dll (Apple Inc.) MOD - C:\Programme\iTunes\iTunesHelper.dll (Apple Inc.) MOD - C:\Programme\iPod\bin\iPodService.Resources\iPodService.dll (Apple Inc.) MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.) MOD - C:\Programme\QuickTime\QTSystem\QuickTime.qts (Apple Inc.) MOD - C:\Programme\QuickTime\QTSystem\QTCF.dll (Apple Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\iTunesMobileDevice.dll (Apple Inc.) MOD - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\SQLite3.dll (Apple Inc.) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\objc.dll (Apple Inc.) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\pthreadVC2.dll (Open Source Software community project) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libdispatch.dll (Apple Inc.) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icudt40.dll (IBM Corporation and others) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuin40.dll (IBM Corporation and others) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuuc40.dll (IBM Corporation and others) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CoreFoundation.dll (Apple Inc.) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CFNetwork.dll (Apple, Inc.) MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\ASL.dll (Apple, Inc.) MOD - C:\Programme\Avira\AntiVir Desktop\aevdf.dll (Avira GmbH) MOD - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) MOD - C:\Programme\Avira\AntiVir Desktop\aebb.dll (Avira GmbH) MOD - C:\Programme\BitZipper\BZSHLEXT.DLL (Bitberry Software) MOD - C:\Programme\Java\jre6\bin\msvcr71.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MOD - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) MOD - C:\WINDOWS\system32\netfxperf.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\oakley.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rastls.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\raschap.dll (Microsoft Corporation) MOD - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll (STLport Consulting, Inc.) MOD - C:\Programme\Avira\AntiVir Desktop\avpref.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) MOD - C:\WINDOWS\system32\query.dll (Microsoft Corporation) MOD - C:\Programme\Avira\AntiVir Desktop\shlext.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\avgio.dll (Avira GmbH) MOD - C:\WINDOWS\system32\localspl.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) MOD - C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.) MOD - c:\Programme\Avira\AntiVir Desktop\ccgen.dll (Avira GmbH) MOD - c:\Programme\Avira\AntiVir Desktop\ccgenrc.dll (Avira GmbH) MOD - c:\Programme\Avira\AntiVir Desktop\ccgrdrc.dll (Avira GmbH) MOD - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) MOD - C:\WINDOWS\system32\pdh.dll (Microsoft Corporation) MOD - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - C:\WINDOWS\system32\wbem\fastprox.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wmiprvsd.dll (Microsoft Corporation) MOD - C:\Programme\Avira\AntiVir Desktop\smtplib.dll (Avira GmbH) MOD - c:\Programme\Avira\AntiVir Desktop\ccupdate.dll (Avira GmbH) MOD - c:\Programme\Avira\AntiVir Desktop\ccguard.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\cclib.dll (Avira GmbH) MOD - c:\Programme\Avira\AntiVir Desktop\ccmsg.dll (Avira GmbH) MOD - c:\Programme\Avira\AntiVir Desktop\cclic.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - c:\Programme\Avira\AntiVir Desktop\ccupdrc.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\schedr.dll (Avira GmbH) MOD - C:\Programme\Avira\AntiVir Desktop\avipc.dll (Avira GmbH) MOD - c:\Programme\Avira\AntiVir Desktop\cclicrc.dll (Avira GmbH) MOD - C:\WINDOWS\system32\vpnapi.dll () MOD - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mscms.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msdtcprx.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msdtcuiu.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mtxclu.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\h323.tsp (Microsoft Corporation) MOD - C:\WINDOWS\system32\unimdm.tsp (Microsoft Corporation) MOD - C:\WINDOWS\system32\ndptsp.tsp (Microsoft Corporation) MOD - C:\WINDOWS\system32\kmddsp.tsp (Microsoft Corporation) MOD - C:\WINDOWS\system32\hidphone.tsp (Microsoft Corporation) MOD - C:\WINDOWS\system32\ipconf.tsp (Microsoft Corporation) MOD - C:\WINDOWS\explorer.exe (Microsoft Corporation) MOD - C:\WINDOWS\system32\wzcsapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemcore.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemess.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemcomn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wmiprov.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\win32spl.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\winscard.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wmiutils.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wmiaprpl.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemsvc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\winipsec.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wshtcpip.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wbemprox.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\upnp.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\usbmon.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\uniplat.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\sxs.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\tapi32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\sti.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\tcpmon.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ssdpapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\spoolss.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\sensapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rasdlg.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\samsrv.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\scesrv.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rasapi32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rasppp.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\scecli.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\repdrvfs.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\onex.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\oledlg.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\psbase.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\qutil.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rasqec.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rasman.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\resutils.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rastapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\regapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\perfctrs.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\pstorsvc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\profmap.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\perfdisk.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\perfos.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\perfnet.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\powrprof.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\pjlmon.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\odbcbcp.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ntlsapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netcfgx.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netlogon.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\ncprov.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ncobjapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\nddeapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msutb.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mstlsapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcirt.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mspatcha.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msidle.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mfcsubs.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\loadperf.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\inetpp.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\icaapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\esent.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\esscli.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\eventlog.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dsound.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\duser.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\eappcfg.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\eappprxy.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\eapolqec.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dot3api.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dot3dlg.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\comsvcs.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dbghelp.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\colbact.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\cryptdll.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\catsrvut.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\catsrv.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\certcli.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\clusapi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\cnbjmon.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\batmeter.dll (Microsoft Corporation) MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation) MOD - C:\WINDOWS\AppPatch\acadproc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\wmiapres.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\browselc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dssenh.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msprivs.dll (Microsoft Corporation) MOD - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) MOD - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe () MOD - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe () MOD - C:\WINDOWS\system32\vsinit.dll (Zone Labs, LLC) MOD - C:\WINDOWS\system32\vsdata.dll (Zone Labs, LLC) MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\WINDOWS\system32\nvrsde.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvapi.dll () MOD - C:\WINDOWS\system32\PortableDeviceApi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\PortableDeviceTypes.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) MOD - C:\Programme\Gemeinsame Dateien\LightScribe\msvcp71.dll (Microsoft Corporation) MOD - C:\Programme\Gemeinsame Dateien\LightScribe\msvcr71.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SUGS1LMK.DLL (Samsung Electronics.) MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\traffic.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\utildll.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\perfts.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\pschdprf.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rsvpperf.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\tapiperf.dll (Microsoft Corporation) MOD - C:\Programme\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) MOD - C:\WINDOWS\system32\pdfcmnnt.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (WTService) -- C:\WINDOWS\System32\atwtusb.exe () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (vhidmini) -- C:\WINDOWS\system32\drivers\walvhid.sys (Windows (R) Win 7 DDK provider) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.) DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (moufiltr) -- C:\WINDOWS\system32\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (smp_lpt) -- C:\WINDOWS\system32\drivers\smp_LPT.sys (Ross Garner) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys (Macrovision Europe Ltd) DRV - (713xTVCard) -- C:\WINDOWS\system32\drivers\SAA713x.sys (Philips Semiconductors) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2206084 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.02.12 16:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.02.12 16:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.19 19:14:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.19 19:14:26 | 000,000,000 | ---D | M] [2009.04.25 00:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla\Extensions [2011.08.19 19:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla\Firefox\Profiles\8pfz54ni.default\extensions [2010.02.16 21:13:26 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla\Firefox\Profiles\8pfz54ni.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2011.01.15 18:09:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla\Firefox\Profiles\8pfz54ni.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2009.02.13 19:18:24 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla\Firefox\Profiles\8pfz54ni.default\searchplugins\ask.xml [2010.08.03 21:11:35 | 000,002,395 | ---- | M] () -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla\Firefox\Profiles\8pfz54ni.default\searchplugins\askcom.xml [2010.11.02 17:02:34 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla\Firefox\Profiles\8pfz54ni.default\searchplugins\conduit.xml [2011.08.19 19:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.13 15:33:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.09.13 23:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.07.26 01:58:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.27 19:32:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.08.19 19:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BLUB\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\8PFZ54NI.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BLUB\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\8PFZ54NI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2010.02.16 19:22:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.08.19 19:14:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2009.08.09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll [2009.08.09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll [2011.03.25 21:27:03 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.25 21:27:03 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.03.25 21:27:03 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.03.25 21:27:03 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.25 21:27:03 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.25 21:27:03 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Logitech Vid] C:\Programme\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240673407625 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.24 21:06:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( ) Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Dokumente und Einstellungen\Blub\Desktop\An die [2011.08.19 19:09:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Malwarebytes [2011.08.19 16:41:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.19 16:41:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.08.19 16:41:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.08.19 16:41:14 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.19 16:41:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.08.14 22:46:52 | 000,000,000 | ---D | C] -- C:\.Trash-999 [2011.08.14 20:08:12 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2011.08.10 19:08:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011.07.22 22:51:50 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2009.12.15 03:26:49 | 000,120,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll [2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Dokumente und Einstellungen\Blub\Desktop\An die [2011.08.19 19:17:59 | 000,001,721 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Converter.lnk [2011.08.19 19:17:59 | 000,001,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Blub\Desktop\DivX Movies.lnk [2011.08.19 19:14:27 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2011.08.19 19:12:13 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.08.19 19:09:38 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.08.19 19:09:35 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2011.08.19 19:09:14 | 000,093,635 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.08.19 17:17:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.19 17:17:11 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.08.19 17:17:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.14 19:14:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2011.08.11 10:24:45 | 000,022,613 | ---- | M] () -- C:\Dokumente und Einstellungen\Blub\Desktop\Streetwork Mafe.odt [2011.08.11 01:51:28 | 000,449,072 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.08.11 01:51:28 | 000,432,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.08.11 01:51:28 | 000,080,636 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.08.11 01:51:28 | 000,067,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.11 01:48:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.08.10 19:08:23 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011.07.22 22:51:50 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.11 10:24:45 | 000,022,613 | ---- | C] () -- C:\Dokumente und Einstellungen\Blub\Desktop\Streetwork Mafe.odt [2011.08.10 19:08:23 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011.07.19 22:49:31 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ2414N.DAT [2011.06.08 15:12:50 | 000,010,525 | ---- | C] () -- C:\WINDOWS\System32\Default_3.ini [2011.06.08 15:12:50 | 000,010,283 | ---- | C] () -- C:\WINDOWS\System32\Default_2.ini [2011.06.08 15:12:50 | 000,009,917 | ---- | C] () -- C:\WINDOWS\System32\Default_1.ini [2011.06.08 15:12:50 | 000,000,738 | ---- | C] () -- C:\WINDOWS\System32\MKProfile.ini [2011.06.08 15:12:47 | 000,870,120 | ---- | C] () -- C:\WINDOWS\System32\atwtusb.exe [2011.06.08 15:12:46 | 007,134,952 | ---- | C] () -- C:\WINDOWS\System32\WTMKM.exe [2011.06.08 15:12:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallService.exe [2011.06.08 15:12:38 | 003,683,560 | ---- | C] () -- C:\WINDOWS\System32\Control Panel_Betteryless.exe [2011.06.08 15:12:36 | 000,148,200 | ---- | C] () -- C:\WINDOWS\System32\Calibration.exe [2011.06.08 15:12:33 | 000,835,072 | ---- | C] () -- C:\WINDOWS\RmTablet.exe [2011.06.08 15:12:32 | 000,010,708 | ---- | C] () -- C:\WINDOWS\System32\aiptbl.ini [2011.02.22 19:15:13 | 000,029,032 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.02.07 07:44:50 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011.02.07 07:44:50 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\83EB2057E6.sys [2010.12.18 14:39:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.10.22 16:10:43 | 000,003,386 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.06.26 22:10:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.06.26 22:10:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.06.26 22:10:45 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\$_hpcst$.hpc [2010.02.11 15:14:21 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2009.12.08 03:40:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.11.11 22:09:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2009.10.29 11:14:11 | 000,004,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe [2009.10.29 00:10:30 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2009.08.29 17:37:14 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2009.08.14 19:24:40 | 000,000,432 | ---- | C] () -- C:\WINDOWS\System32\mfsv.bin [2009.08.10 16:46:40 | 005,433,520 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2009.05.08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2009.04.30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2009.04.25 16:07:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.04.25 08:34:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2009.04.25 01:51:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.04.25 01:50:57 | 000,166,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.04.25 00:40:50 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009.04.25 00:40:28 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009.04.25 00:40:24 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2009.04.25 00:19:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.04.25 00:19:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2009.04.25 00:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.04.24 23:58:23 | 000,203,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Blub\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.24 21:08:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.04.24 21:03:47 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SearchRequire.dll [2009.03.27 10:03:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.03.27 10:03:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009.03.27 10:03:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.03.27 10:03:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2009.03.27 10:03:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.03.27 10:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.03.27 10:03:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009.03.27 10:03:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2009.03.27 10:03:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2008.08.29 14:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008.08.29 14:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 14:00:00 | 000,449,072 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 14:00:00 | 000,432,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 14:00:00 | 000,080,636 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 14:00:00 | 000,067,794 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2011.07.19 22:54:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2010.06.26 22:26:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.12.15 03:38:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMP7 [2011.06.08 15:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tablet [2010.06.11 01:12:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.08.07 18:08:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.09.22 22:13:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011.04.05 18:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2010.08.07 17:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.04.25 01:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010.08.07 15:09:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.05.29 23:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\111 Pix Ltd [2009.11.14 19:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Academic Software Zurich [2009.08.03 18:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Audacity [2011.04.05 18:51:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\BitZipper [2011.07.19 22:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Canon [2011.02.12 16:41:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\DDMSettings [2011.04.05 18:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\GetRightToGo [2011.07.19 23:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\gtk-2.0 [2010.11.02 01:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\InfraRecorder [2010.11.18 17:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Lost Marble [2009.04.26 16:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\MSNInstaller [2009.04.25 07:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\OpenOffice.org [2010.06.26 22:25:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\PC Suite [2010.08.22 19:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\runic games [2010.06.26 22:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Samsung [2010.08.07 15:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\TuneUp Software [2011.07.04 16:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\uTorrent [2009.08.19 15:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\wxMozBrowserLib ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.29 23:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\111 Pix Ltd [2009.11.14 19:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Academic Software Zurich [2009.08.10 16:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\AccurateRip [2009.04.25 00:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Adobe [2011.07.04 12:27:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Apple Computer [2009.08.03 18:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Audacity [2011.04.05 18:51:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\BitZipper [2011.07.19 22:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Canon [2011.02.12 16:41:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\DDMSettings [2010.07.10 17:37:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\DivX [2010.07.22 00:45:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\dvdcss [2011.04.05 18:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\GetRightToGo [2009.07.02 01:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Google [2011.07.19 23:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\gtk-2.0 [2009.05.16 18:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Help [2009.04.24 21:10:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Identities [2010.11.02 01:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\InfraRecorder [2010.11.18 17:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Lost Marble [2009.04.25 00:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Macromedia [2011.08.19 19:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Malwarebytes [2009.12.03 22:21:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Microsoft [2010.04.11 20:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Move Networks [2009.04.25 00:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Mozilla [2009.04.26 16:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\MSNInstaller [2009.04.25 07:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\OpenOffice.org [2010.06.26 22:25:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\PC Suite [2010.04.08 19:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Real [2010.08.22 19:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\runic games [2010.06.26 22:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Samsung [2010.12.14 01:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Sibelius Software [2011.08.19 19:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Skype [2011.08.10 19:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\skypePM [2009.04.25 06:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Sun [2010.08.07 15:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\TuneUp Software [2011.07.04 16:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\uTorrent [2011.07.05 23:02:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\vlc [2009.08.19 15:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\wxMozBrowserLib < %APPDATA%\*.exe /s > [2009.04.25 00:17:45 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2010.04.11 20:09:57 | 000,144,053 | ---- | M] () -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Move Networks\uninstall.exe [2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.04.26 16:06:01 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\MSNInstaller\msnauins.exe [2009.05.06 07:41:41 | 000,020,480 | ---- | M] (ocean) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\uno_packages\D.tmp_\pubooo-0.3.5.oxt\PubOOo\pub2ppt.exe [2010.06.02 18:00:07 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Real\Update\setup3.10\setup.exe [2011.01.26 21:24:59 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Real\Update\setup3.13\setup.exe [2011.08.19 19:15:38 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Blub\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > [2011.08.14 19:14:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2001.05.24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009.04.25 08:34:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009.04.25 08:34:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009.04.25 08:34:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009.04.25 08:34:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2004.06.03 10:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.04.25 02:49:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009.04.25 02:49:58 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009.04.25 02:49:57 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34 < End of report > Vielen Dank aber für die Hilfe bisher, ihr seid super! |
|
19.08.2011, 19:46
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner OTL Log Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2206084
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.24 21:06:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Bundespolizei Trojaner OTL Log |
|
19.08.2011, 20:28
| #7 |
| | Bundespolizei Trojaner OTL Log hier also das Log vom Fix: Code:
ATTFilter ========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Softonic Deutsch FF Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.2 log created on 08192011_212622
|
|
19.08.2011, 21:05
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner OTL Log Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bundespolizei Trojaner OTL Log |
| 0x00000001, 7-zip, acedrv05.sys, adobe, alternate, antivir, avira, bho, bonjour, browser, c:\windows\system32\cmd.exe, desktop, einstellungen, error, explorer, fastprox.dll, firefox, flash player, format, google earth, helper, logfile, lws.exe, msvcr80.dll, plug-in, realtek, registry, rundll, scan, sched.exe, security, server, shell32.dll, software, tcp, trojaner, udp, version=1.0, wbemess.dll, windows internet |
Textbox.
.
Linear-Darstellung
