National Cyber Crime Trojan / log files. Next steps...

Hello everyone,

I have also caught this Bundespolizei National Cyber Crime Trojan. So far I have followed the corresponding steps from the forum: I ran OTLPE on my Reatogo-X-PE system and did the scan. Since I was then told to post the log file oti.txt, I am doing that now. I would be very grateful if you could then tell me what I should do next.

Thanks in advance!

/////////////////////

Here is the oti.txt:

OTL logfile created on: 4/24/2012 11:53:10 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 75.31 Gb Total Space | 17.48 Gb Free Space | 23.21% Space Free | Partition Type: NTFS
Drive D: | 71.30 Gb Total Space | 12.38 Gb Free Space | 17.37% Space Free | Partition Type: NTFS
Drive E: | 2.44 Gb Total Space | 0.25 Gb Free Space | 10.32% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/23 12:33:29 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/09 10:02:32 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/06/28 14:10:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:47:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/27 08:14:31 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/11/19 10:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/11/19 10:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/11 06:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/02/06 12:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/08/07 13:26:44 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/21 18:27:06 | 000,498,952 | ---- | M] () [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/20 19:07:18 | 000,431,384 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/06/15 11:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/05/15 14:17:11 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2005/04/01 20:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (oUltraf)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (8de302a8-c142-4cb6-99a2-dbec0bcc64e9)
DRV - File not found [Kernel | On_Demand] -- -- (53d98f3b-4c2c-48ae-82c0-c2f7285e6cb4)
DRV - [2011/06/28 14:10:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 14:10:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/24 08:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/23 15:21:17 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/01/23 15:21:17 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/01/23 15:21:06 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010/01/23 15:20:57 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2009/06/29 12:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/04/09 07:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/04 21:02:36 | 000,041,120 | ---- | M] (Realtek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009/03/04 04:27:16 | 000,032,288 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009/03/04 04:27:14 | 000,074,912 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/13 05:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/01/19 14:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/10/09 07:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/10/09 07:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/11 13:18:57 | 000,096,832 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/02/22 06:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 06:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 06:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 06:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2007/02/15 20:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/21 23:25:08 | 002,829,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/10 10:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/12/04 16:58:03 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2005/12/04 16:56:16 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2005/11/14 13:43:33 | 000,162,432 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2005/11/14 13:43:32 | 000,012,032 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2005/04/25 05:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Vax347b.sys -- (Vax347b)
DRV - [2004/10/08 07:59:11 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/10/08 07:57:48 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/10/07 10:09:22 | 000,115,744 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/10/07 10:05:05 | 000,080,576 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/04/30 04:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Vax347s.sys -- (Vax347s)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/18 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/06 08:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/01/10 04:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator.JULIANWILKE_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Julian_Wilke_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\Julian_Wilke_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Julian_Wilke_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010/05/03 11:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Programme\Object\facetheme [2011/08/07 10:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/27 16:42:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/06 17:01:02 | 000,000,000 | ---D | M]

[2010/06/17 13:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.JULIANWILKE\Anwendungsdaten\mozilla\Extensions
[2010/06/18 09:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator.JULIANWILKE\Anwendungsdaten\mozilla\Firefox\Profiles\1pht7h6t.default\extensions
[2010/06/18 09:52:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator.JULIANWILKE\Anwendungsdaten\mozilla\Firefox\Profiles\1pht7h6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 12:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008/12/18 05:16:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2012/03/27 16:42:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008/02/22 11:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011/10/03 07:32:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/03 07:32:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/10/03 07:32:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/03 07:32:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/03 07:32:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/03 07:32:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/06/26 07:23:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Facetheme) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Programme\Object\bho_project.dll (InternetEngine)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\Julian_Wilke_ON_C..\Run: [] C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Temp\wpbt0.dll ()
O4 - HKU\Julian_Wilke_ON_C..\Run: [{5CA00908-CD11-2F76-C3BC-3F87C2FDCAC0}] File not found
O4 - Startup: C:\Dokumente und Einstellungen\Julian Wilke\Startmenü\Programme\Autostart\Webshots.lnk = C:\Programme\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.JULIANWILKE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Julian_Wilke_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/activex/IPSUploader.cab (IPSUploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/11 17:59:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Webshots.lnk - C:\Programme\Webshots\Launcher.exe - ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 12:33:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/19 05:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Vivento
[2012/04/17 15:54:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Mitarbeiter Kundendatenbankmanagement
[2012/04/15 09:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Wetuzet
[2012/04/15 09:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Noup
[2012/04/12 13:31:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Headhunter
[2012/04/01 11:33:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Telekom
[2012/03/31 14:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Michael Page
[2012/03/27 04:36:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Deutsche Post Database Marketing
[2005/12/05 16:55:34 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2005/12/05 16:55:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/24 16:08:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/24 14:19:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/24 14:17:38 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/24 14:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/24 14:17:09 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 14:12:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/23 12:33:28 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/23 12:33:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/22 10:58:49 | 000,002,501 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Word.lnk
[2012/04/21 15:19:03 | 004,893,111 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\REWE_Broschuere_09.pdf
[2012/04/21 11:52:21 | 001,345,382 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Fakten_und_Zahlen_zum_deutschen_Reisemarkt_2010.pdf
[2012/04/18 05:08:39 | 003,068,147 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Julian Wilke Mitarbeiter Kundendatenbankmanagement_CRM-System.pdf
[2012/04/18 04:29:49 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/17 16:00:13 | 000,065,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\congstar_ManagerReporting_Datawarehouse_C40.pdf
[2012/04/17 06:55:03 | 000,492,262 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\artikel_stadtanzeiger_2011_web.jpg
[2012/04/12 17:43:07 | 000,506,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/04/12 17:43:07 | 000,481,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 17:43:07 | 000,098,486 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/04/12 17:43:07 | 000,082,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 17:37:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 13:38:30 | 000,039,999 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CV_Julian Wilke.pdf
[2012/04/06 14:09:02 | 005,200,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\die ärzte - Quadrophenia (offizielles Video).mp3
[2012/04/06 07:31:54 | 003,068,051 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Junior Manger operatives CRM Julian Wilke.pdf
[2012/04/03 13:54:34 | 000,109,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/01 05:32:36 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\iTunes.lnk
[2012/03/31 10:51:31 | 000,406,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\IMG_4212-001.JPG
[2012/03/31 08:47:47 | 000,052,956 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\51XZufENFML._SS500_.jpg
[2012/03/30 10:25:04 | 000,035,695 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\facebook_disconnect-2.1.1-fx.xpi
[2012/03/27 09:55:24 | 001,304,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnisse geringere Auflösung.pdf
[2012/03/27 09:53:03 | 000,554,140 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnis Aktion Mensch geringere Auflösung.pdf
[2012/03/27 09:52:21 | 000,088,116 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\3.pdf
[2012/03/27 09:51:52 | 000,110,190 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00002.JPG
[2012/03/27 09:50:38 | 000,215,806 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\1.pdf
[2012/03/27 09:49:56 | 000,277,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00001.JPG
[2012/03/27 09:48:26 | 000,258,306 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\2.pdf
[2012/03/27 09:47:13 | 000,328,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00000.JPG
[2012/03/27 09:45:35 | 000,399,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian
Wilke\Desktop\CCF27032012_00000.pdf [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/21 15:19:02 | 004,893,111 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\REWE_Broschuere_09.pdf [2012/04/21 11:52:21 | 001,345,382 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Fakten_und_Zahlen_zum_deutschen_Reisemarkt_2010.pdf [2012/04/18 05:08:31 | 003,068,147 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Julian Wilke Mitarbeiter Kundendatenbankmanagement_CRM-System.pdf [2012/04/18 04:29:49 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2012/04/17 16:00:05 | 000,065,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\congstar_ManagerReporting_Datawarehouse_C40.pdf [2012/04/17 06:55:01 | 000,492,262 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\artikel_stadtanzeiger_2011_web.jpg [2012/04/16 14:52:55 | 000,039,999 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CV_Julian Wilke.pdf [2012/04/07 06:10:16 | 000,035,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\facebook_disconnect-2.1.1-fx.xpi [2012/04/06 14:08:23 | 005,200,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\die ärzte - Quadrophenia (offizielles Video).mp3 [2012/04/06 07:27:52 | 003,068,051 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Junior Manger operatives CRM Julian Wilke.pdf [2012/04/01 05:32:36 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\iTunes.lnk [2012/03/31 10:51:31 | 000,406,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\IMG_4212-001.JPG [2012/03/31 08:47:43 | 000,052,956 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian 
Wilke\Desktop\51XZufENFML._SS500_.jpg [2012/03/27 09:55:21 | 001,304,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnisse geringere Auflösung.pdf [2012/03/27 09:52:20 | 000,088,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\3.pdf [2012/03/27 09:51:52 | 000,110,190 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00002.JPG [2012/03/27 09:49:56 | 000,277,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00001.JPG [2012/03/27 09:48:25 | 000,258,306 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\2.pdf [2012/03/27 09:47:12 | 000,328,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00000.JPG [2012/03/27 09:45:35 | 000,399,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCF27032012_00000.pdf [2012/03/27 09:36:47 | 000,215,806 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\1.pdf [2012/03/27 04:49:59 | 000,554,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnis Aktion Mensch geringere Auflösung.pdf [2011/12/27 11:47:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2011/10/14 14:32:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2011/04/28 14:39:48 | 000,000,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\.recently-used.xbel [2011/02/17 17:27:45 | 000,197,024 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010/06/03 08:31:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010/04/21 10:24:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2009/06/16 07:25:02 | 000,121,512 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2009/03/08 10:27:59 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian 
Wilke\RefEdit.exd [2008/10/08 12:43:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2008/10/08 12:41:12 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008/05/16 05:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2008/04/15 14:04:48 | 000,033,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008/03/16 09:23:50 | 000,000,043 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2008/01/07 14:49:06 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008/01/07 14:40:44 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe [2007/12/20 17:50:19 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007/12/20 16:47:34 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2007/06/11 12:47:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2007/03/18 14:03:57 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2007/03/18 14:03:54 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2007/03/18 14:03:53 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007/03/18 14:03:53 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007/03/18 14:03:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007/03/18 14:03:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/03/18 14:03:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2007/01/21 15:05:47 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\FixVTS.ini [2006/11/24 14:02:32 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2006/11/24 14:02:32 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2006/11/24 14:02:32 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006/11/24 13:59:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat [2006/11/24 13:59:09 | 
000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2006/11/21 23:07:59 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2006/09/28 16:27:00 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2006/09/24 11:19:03 | 000,000,065 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini [2006/08/06 13:35:26 | 000,017,867 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat [2006/08/06 11:32:24 | 000,000,851 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat [2006/08/06 11:31:55 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat [2006/03/28 18:41:31 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2006/02/07 19:07:07 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2005/11/14 13:43:32 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys [2005/11/14 13:43:32 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys [2005/11/09 12:53:10 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2005/11/09 12:46:23 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2005/11/09 12:46:13 | 000,138,101 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2005/06/18 17:49:01 | 000,003,152 | ---- | C] () -- C:\WINDOWS\tm.ini [2005/06/01 14:04:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005/06/01 14:04:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005/06/01 14:04:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005/06/01 14:04:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005/06/01 14:04:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005/06/01 14:04:47 | 000,020,480 | ---- | C] () 
-- C:\WINDOWS\System32\IVIresize.dll [2005/04/30 02:28:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\telephon.ini [2005/04/30 02:27:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\WSBTN.DLL [2005/04/30 02:27:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\wsutil.exe [2005/04/26 07:57:07 | 000,519,024 | ---- | C] () -- C:\WINDOWS\System32\burst.dll [2005/04/26 07:57:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\winxp32.sys [2005/03/19 12:55:43 | 000,000,123 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005/03/19 12:12:01 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/03/18 16:26:01 | 000,000,565 | ---- | C] () -- C:\WINDOWS\eReg.dat [2005/03/13 12:59:32 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2005/03/12 13:15:23 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL [2005/03/12 12:47:22 | 000,109,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/03/12 12:31:09 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/03/11 19:09:01 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2005/03/11 19:09:01 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2005/03/11 19:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005/03/11 19:05:02 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe [2005/03/11 19:04:54 | 000,006,107 | ---- | C] () -- C:\WINDOWS\mozver.dat [2005/03/11 18:48:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005/03/11 17:55:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005/03/11 17:48:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005/03/11 17:47:15 | 000,185,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 08:00:00 | 000,506,418 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/08/04 08:00:00 | 
000,481,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 08:00:00 | 000,098,486 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/08/04 08:00:00 | 000,082,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001/10/28 12:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll [2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll [2001/08/27 14:40:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/27 14:39:30 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll [1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2010/01/23 15:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Acronis [2010/05/03 11:57:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone [2005/07/02 10:02:07 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\.cptool [2011/04/06 13:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Amazon [2011/10/21 12:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus [2010/05/03 11:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Bytemobile [2006/01/15 11:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Computent Systems [2007/07/16 16:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DeepBurner [2012/04/22 13:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Dropbox [2012/03/31 08:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoft [2011/08/07 08:11:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoftIEHelpers [2008/07/12 13:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\fotobuch.de AG [2008/01/07 14:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\FotoWire [2011/02/26 16:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\gtk-2.0 [2007/03/18 14:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Haufe [2007/10/13 04:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Hiermit startenRipIt4Me [2007/08/26 12:16:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\InfraRecorder [2005/03/13 09:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Kazaa Lite [2009/04/05 10:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian 
Wilke\Anwendungsdaten\Lexware [2009/06/27 10:14:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Nokia [2009/11/27 17:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Notepad++ [2012/04/15 12:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Noup [2009/06/26 02:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\PC Suite [2008/01/11 13:29:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\PersBackup [2011/03/01 13:18:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\ProtectDisc [2007/07/15 14:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\RipIt4Me [2011/09/18 10:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Scan2PDF [2007/01/22 12:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\SlySoft [2009/04/11 06:06:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\TuneUp Software [2010/05/03 11:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Vodafone [2009/10/26 15:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Webshots [2012/04/23 12:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Wetuzet [2010/05/05 12:10:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Bytemobile [2008/05/18 07:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2007/03/03 09:25:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2008/07/13 14:58:28 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\All Users\Anwendungsdaten\Colormailer Photobooks [2011/02/28 13:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads [2008/07/12 13:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG [2007/03/03 09:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2010/09/05 12:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ifolor [2007/11/10 10:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009/04/05 10:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2005/11/07 14:10:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NFS Underground [2009/06/26 02:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2008/12/23 10:22:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2007/11/17 10:14:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2008/08/07 12:53:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010/12/27 08:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010/05/03 11:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2009/03/27 15:11:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010/05/20 13:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/12/06 09:13:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009/09/10 13:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/26 01:39:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010/12/27 08:13:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007/03/10 15:03:25 | 000,000,000 | ---D | M] -- C:\1a266c44ca408cebe4293f [2007/01/02 08:31:57 | 000,000,000 | ---D | M] -- C:\ATI [2007/11/17 13:34:06 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2006/04/01 09:04:29 | 000,000,000 | ---D | M] -- C:\Converted Music [2010/06/17 13:57:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2012/04/22 13:51:37 | 000,000,000 | R--D | M] -- C:\Dropbox [2008/10/14 12:42:48 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2009/06/27 06:10:07 | 000,000,000 | ---D | M] -- C:\Gigaset_WLAN11 [2007/01/26 12:51:10 | 000,000,000 | ---D | M] -- C:\My Shared Folder [2012/03/27 10:03:43 | 000,000,000 | ---D | M] -- C:\Programme [2011/10/14 14:32:48 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2010/06/16 15:26:08 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010/06/16 17:13:42 | 000,000,000 | ---D | M] -- C:\rsit(2) [2011/03/01 18:21:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012/04/13 15:49:12 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/10/20 10:50:26 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: 
EXPLORER.EXE > [2004/08/04 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) 
MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- 
C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005/03/11 18:46:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005/03/11 18:46:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005/03/11 18:46:15 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > |
#2
Helfer-Team

Hello and welcome!

Before we begin our collaboration, [please read in full]:
1.
Code:
:OTL
O4 - HKU\Julian_Wilke_ON_C..\Run: [] C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Temp\wpbt0.dll ()
O4 - HKU\Julian_Wilke_ON_C..\Run: [{5CA00908-CD11-2F76-C3BC-3F87C2FDCAC0}] File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. Reboot and check whether you can already work in normal mode. If so, continue as follows:

3. Uninstall:
Code:
"Ad-Aware Free": now runs with antivirus protection!

Use only one firewall and one antivirus program, and keep both up to date at all times!

4. Disable CD emulators with DeFogger
You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Since these emulators work with rootkit techniques, they can distort and hamper the search for malicious rootkits. For this reason, please either run the following tool to disable them or uninstall the software via Control Panel => Software/Programs. Tell me which option you chose. We can undo the deactivation after the cleanup. Download DeFogger and save it on your desktop. Double-click DeFogger to start the tool.
5. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
6. Systemscan mit OTL - nicht mehr das OTLPE starten! Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
7. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
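As an added example, not code from this thread, from OTL's author or from any tool named here: a small Python triage script that reads OTL log lines of the kind the helper acted on in step 1 (a Run key loading a DLL from a Temp folder, a Run entry whose file is missing) plus a boot-start driver entry with no company name, flags them, and assembles a fix script in the same :OTL / :Files / :Commands layout the helper posted. The sample lines are constructed from the logs in this thread; the regular expressions and the severity labels are my own assumptions about OTL's line format, not OTL's documented grammar.

```python
"""Triage of OTL log lines (added example, not from this thread or from OTL).

Flags the entry types the helper acted on above: a Run key loading a file
from a Temp folder, a Run entry whose file is missing, and a driver with no
company name whose state is Unknown or whose service name does not match its
file name. The regexes and severity labels are assumptions about OTL's format.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKU\Julian_Wilke_ON_C..\Run: [] C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Temp\wpbt0.dll ()
O4 - HKU\Julian_Wilke_ON_C..\Run: [{5CA00908-CD11-2F76-C3BC-3F87C2FDCAC0}] File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
DRV - [2012.04.25 13:19:35 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\bpjoickl.sys -- (vdwfati)
DRV - [2011.06.28 20:10:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
"""

# "O4 - <hive>..\Run: [<value name>] <target>"; target is "File not found"
# or "<path> (<company>)".
O4_RUN = re.compile(r"^O4 - (?P<key>.+?\\(?:Run|RunOnce)): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PATH_COMPANY = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")
# "DRV - [<stamp>] (<company>) [<type | start | state>] -- <path> -- (<service>)"
DRV_FILE = re.compile(
    r"^DRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^()]*)\) \[(?P<flags>[^\]]*)\]"
    r" -- (?P<path>.*?) -- \((?P<svc>[^()]*)\)$"
)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    reason: str
    line: str       # the OTL line exactly as logged
    path: str = ""  # file the entry points at, if it names one


def triage_o4(line: str):
    """Classify one O4 (autorun) line; None when nothing stands out."""
    m = O4_RUN.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if rest == "File not found":
        return Finding("medium", "autorun entry whose target file is missing", line)
    pc = PATH_COMPANY.match(rest)
    if not pc:
        return None
    path, company = pc.group("path"), pc.group("company")
    if TEMP_DIR.search(path):
        return Finding("high", "autorun loads a file from a Temp folder", line, path)
    if company == "":
        return Finding("medium", "autorun target carries no company name", line, path)
    return None


def triage_drv(line: str):
    """Classify one DRV (driver service) line; None when nothing stands out."""
    m = DRV_FILE.match(line)
    if not m:
        return None
    company, path, svc = m.group("company"), m.group("path"), m.group("svc")
    flags = [f.strip() for f in m.group("flags").split("|")]
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    # A missing company name alone is common (e.g. sptd.sys); combined with an
    # Unknown state or a service name unrelated to the file name it is not.
    if company == "" and ("Unknown" in flags or svc.lower() != stem.lower()):
        return Finding("high", "driver without company name; state Unknown or "
                       "service name differs from file name", line, path)
    return None


def triage(log_text: str):
    """Run both classifiers over every line and collect the findings in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        f = triage_o4(line) or triage_drv(line)
        if f:
            findings.append(f)
    return findings


def to_otl_fix(findings):
    """Fix script in the helper's layout: flagged O4 lines are copied verbatim
    under :OTL, Temp-folder targets are listed again under :Files."""
    otl = [f.line for f in findings if f.line.startswith("O4 - ")]
    files = [f.path for f in findings if f.path and TEMP_DIR.search(f.path)]
    script = [":OTL", *otl]
    if files:
        script += [":Files", *files]
    script += [":Commands", "[purity]", "[emptytemp]"]
    return "\n".join(script)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(to_otl_fix(triage(SAMPLE_LOG)))
```

Driver lines are only reported, never written into the fix script, because a wrongly removed boot-start driver can leave the machine unbootable; that decision stays with the person reading the log, as it did in this thread.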
#3
National Cyber Crime Trojan / Logfiles. Next steps...
Hello Kira,
first of all, thank you very much for your reply and your help. I have carried out all of the steps 1-7 you suggested and am now posting the relevant information.
1. Fix with OTLPE
Here is the log file:
Code:
========== OTL ==========
Registry value HKEY_USERS\Julian_Wilke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Temp\wpbt0.dll moved successfully.
Registry value HKEY_USERS\Julian_Wilke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\{5CA00908-CD11-2F76-C3BC-3F87C2FDCAC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CA00908-CD11-2F76-C3BC-3F87C2FDCAC0}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: Administrator.JULIANWILKE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Julian Wilke
->Temp folder emptied: 721517232 bytes
->Temporary Internet Files folder emptied: 278089955 bytes
->Java cache emptied: 3897 bytes
->FireFox cache emptied: 217917038 bytes
->Flash cache emptied: 3664 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 211738 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2924979 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 72 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7484565 bytes
3. I uninstalled Ad-Aware Free.
4. I uninstalled Alcohol 120% and Any DVD.
5. Scan with Malwarebytes Anti-Malware
I did that; it found quite a few hits, all of which I then deleted. A hit under C:\System Volume Information was not among them. Here is the report after deleting the hits:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.25.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julian Wilke :: JULIANWILKE [administrator]
25.04.2012 13:32:57
mbam-log-2012-04-25 (13-32-57).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404217
Time elapsed: 2 hour(s), 38 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 7
HKCR\CLSID\{cbc5b60a-aa4d-45f6-84c2-d086f320299a} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 10
6. System scan with OTL
I did that too, but at some point during the system scan an error message appeared saying that no disk was present. Could it be that this referred to the memory card slots, which currently have no memory card in them? The error message appeared three or four times in a row; each time I just clicked on. Here is the OTL.txt:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 25.04.2012 13:22:26 - Run 1 OTL by OldTimer - Version 3.2.42.0 Folder = C:\Dokumente und Einstellungen\Julian Wilke\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,25 Gb Total Physical Memory | 0,20 Gb Available Physical Memory | 15,86% Memory free 1,85 Gb Paging File | 1,04 Gb Available in Paging File | 56,18% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 75,31 Gb Total Space | 18,47 Gb Free Space | 24,53% Space Free | Partition Type: NTFS Drive D: | 71,30 Gb Total Space | 12,38 Gb Free Space | 17,37% Space Free | Partition Type: NTFS Drive E: | 2,44 Gb Total Space | 0,25 Gb Free Space | 10,32% Space Free | Partition Type: FAT32 Drive K: | 495,22 Mb Total Space | 493,82 Mb Free Space | 99,72% Space Free | Partition Type: FAT Drive N: | 629,79 Gb Total Space | 553,90 Gb Free Space | 87,95% Space Free | Partition Type: NTFS Computer Name: JULIANWILKE | User Name: Julian Wilke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.25 13:21:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\OTL.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.03.27 22:42:31 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.10.09 16:02:32 | 000,055,144 | ---- | M] (Apple Inc.) 
-- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.06.28 20:10:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 17:47:25 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.19 16:32:52 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010.11.19 16:31:52 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.06.19 12:44:02 | 000,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2009.02.06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) 
-- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.04.22 00:27:06 | 000,498,952 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2008.04.22 00:00:36 | 000,911,168 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2008.04.21 23:54:38 | 002,622,296 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2008.04.21 01:07:26 | 000,136,472 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2008.04.21 01:07:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.05.15 20:17:11 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe PRC - [2004.10.08 12:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) 
-- C:\WINDOWS\system32\LVCOMSX.EXE PRC - [2004.09.16 10:52:42 | 001,605,632 | ---- | M] (Webshots.com) -- C:\Programme\Webshots\webshots.scr ========== Modules (No Company Name) ========== MOD - [2012.04.23 18:33:26 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll MOD - [2012.04.13 22:04:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll MOD - [2012.04.13 21:54:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll MOD - [2012.04.13 21:52:55 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll MOD - [2012.04.12 23:42:52 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.04.12 23:42:45 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.04.12 23:42:43 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012.03.27 22:42:30 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.03.22 15:04:50 | 000,421,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.11.dll MOD - [2012.02.16 11:42:21 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll MOD - [2012.02.16 11:42:11 | 000,998,400 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll MOD - [2012.02.16 11:40:32 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll MOD - [2012.02.16 11:40:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll MOD - [2012.02.16 11:37:06 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll MOD - [2012.02.16 11:36:23 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll MOD - [2012.02.16 11:33:03 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll MOD - [2011.10.15 21:45:40 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.07.10 21:29:15 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.10 21:29:11 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.10 21:29:10 | 000,040,960 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2008.04.22 00:27:06 | 000,498,952 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe MOD - [2008.04.21 23:43:20 | 001,336,600 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\fox.dll MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.04.23 18:33:29 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.10.09 16:02:32 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.06.28 20:10:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 17:47:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.27 14:14:31 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.11.19 16:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.11.19 16:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- 
C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.02.06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008.04.22 00:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2008.04.21 01:07:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007.06.15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.05.15 20:17:11 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7) SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\Vax347b.sys -- (Vax347b) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\JULIAN~1\LOKALE~1\Temp\oUltraf.sys -- (oUltraf) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) 
DRV - File not found [Kernel | On_Demand | Stopped] -- J:\Player\cds300.dll -- (8de302a8-c142-4cb6-99a2-dbec0bcc64e9) DRV - File not found [Kernel | On_Demand | Stopped] -- J:\Player\cds300.dll -- (53d98f3b-4c2c-48ae-82c0-c2f7285e6cb4) DRV - [2012.04.25 13:30:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.04.25 13:19:35 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\bpjoickl.sys -- (vdwfati) DRV - [2011.06.28 20:10:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 20:10:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.01.23 21:21:17 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2010.01.23 21:21:17 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010.01.23 21:21:06 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2010.01.23 21:20:57 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman) DRV - [2009.06.29 18:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.04.09 13:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.03.05 03:02:36 | 000,041,120 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.03.04 10:27:16 | 000,032,288 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.03.04 10:27:14 | 000,074,912 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.02.13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.10.09 13:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.11.11 19:18:57 | 000,096,832 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2007.02.22 12:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007.02.22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007.02.22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007.02.22 12:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2007.02.16 02:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2006.11.22 05:25:08 | 002,829,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005.12.04 22:58:03 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi) DRV - [2005.12.04 22:56:16 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2005.11.14 19:43:33 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ithsgt.sys -- (ithsgt) DRV - [2005.11.14 19:43:32 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lilsgt.sys -- (lilsgt) DRV - [2004.10.08 13:59:11 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl) DRV - [2004.10.08 13:57:48 | 000,022,016 | R--- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2004.10.07 16:09:22 | 000,115,744 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.10.07 16:05:05 | 000,080,576 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1) DRV - [2003.01.10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770) DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {2770C1C9-C9CD-425F-8931-18B47AFCB845} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{2770C1C9-C9CD-425F-8931-18B47AFCB845}: "URL" = 
hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{67F8C25F-CDE5-44FB-9284-4A51A4F06C82}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms} IE - HKCU\..\SearchScopes\{A3BB2C5C-D72B-4A3C-8E32-0E38FA9F0E0D}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{D2CD054C-F5AA-4CDC-83F5-568E426A98A5}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.05.03 17:57:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Programme\Object\facetheme FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.27 22:42:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.06 23:01:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Programme\Object\facetheme [2008.08.31 11:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Extensions [2012.04.14 11:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions
[2010.05.28 18:38:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.25 13:12:13 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.08.07 14:11:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.28 18:38:59 | 000,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.11.11 22:48:08 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions\firefox@tvunetworks.com
[2007.09.21 15:14:00 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Mozilla\Firefox\Profiles\h3g6k5d2.default\extensions\videodowloader@videodownloader.net
[2011.11.11 18:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012.03.27 22:42:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.10.03 13:32:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 13:32:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.03 13:32:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 13:32:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 13:32:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 13:32:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2010.06.26 13:23:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Julian Wilke\Startmenü\Programme\Autostart\Webshots.lnk = C:\Programme\Webshots\Launcher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/activex/IPSUploader.cab (IPSUploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D649E64-5822-4CCE-99CB-3B54565EBF93}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/JULIAN~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Webshots\The Webshots Desktop\Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Webshots\The Webshots Desktop\Wallpaper.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.03.11 23:59:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.25 17:42:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.25 13:28:34 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.25 13:21:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\OTL.exe
[2012.04.23 18:33:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.19 11:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Vivento
[2012.04.17 21:54:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Mitarbeiter Kundendatenbankmanagement
[2012.04.15 15:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Wetuzet
[2012.04.15 15:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Noup
[2012.04.12 19:31:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Headhunter
[2012.04.01 17:33:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Telekom
[2012.03.31 20:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Michael Page
[2012.03.27 10:36:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Deutsche Post Database Marketing
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.25 13:30:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.04.25 13:29:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.25 13:28:45 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.25 13:21:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\OTL.exe
[2012.04.25 13:20:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.25 13:19:35 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\bpjoickl.sys
[2012.04.25 13:18:25 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.25 13:18:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.25 13:17:57 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.25 13:08:08 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.23 20:12:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.04.23 18:33:28 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.23 18:33:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.21 21:19:03 | 004,893,111 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\REWE_Broschuere_09.pdf
[2012.04.21 17:52:21 | 001,345,382 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Fakten_und_Zahlen_zum_deutschen_Reisemarkt_2010.pdf
[2012.04.18 11:08:39 | 003,068,147 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Julian Wilke Mitarbeiter Kundendatenbankmanagement_CRM-System.pdf
[2012.04.17 22:00:13 | 000,065,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\congstar_ManagerReporting_Datawarehouse_C40.pdf
[2012.04.17 12:55:03 | 000,492,262 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\artikel_stadtanzeiger_2011_web.jpg
[2012.04.12 23:43:07 | 000,506,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.12 23:43:07 | 000,481,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.12 23:43:07 | 000,098,486 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.12 23:43:07 | 000,082,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.12 23:37:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.12 19:38:30 | 000,039,999 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CV_Julian Wilke.pdf
[2012.04.06 20:09:02 | 005,200,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\die ärzte - Quadrophenia (offizielles Video).mp3
[2012.04.06 13:31:54 | 003,068,051 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Junior Manger operatives CRM Julian Wilke.pdf
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.03 19:54:34 | 000,109,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.01 11:32:36 | 000,001,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\iTunes.lnk
[2012.03.31 16:51:31 | 000,406,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\IMG_4212-001.JPG
[2012.03.31 14:47:47 | 000,052,956 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\51XZufENFML._SS500_.jpg
[2012.03.30 16:25:04 | 000,035,695 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\facebook_disconnect-2.1.1-fx.xpi
[2012.03.27 15:55:24 | 001,304,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnisse geringere Auflösung.pdf
[2012.03.27 15:53:03 | 000,554,140 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnis Aktion Mensch geringere Auflösung.pdf
[2012.03.27 15:52:21 | 000,088,116 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\3.pdf
[2012.03.27 15:51:52 | 000,110,190 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00002.JPG
[2012.03.27 15:50:38 | 000,215,806 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\1.pdf
[2012.03.27 15:49:56 | 000,277,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00001.JPG
[2012.03.27 15:48:26 | 000,258,306 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\2.pdf
[2012.03.27 15:47:13 | 000,328,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00000.JPG
[2012.03.27 15:45:35 | 000,399,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCF27032012_00000.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.25 13:29:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.25 13:19:35 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bpjoickl.sys
[2012.04.21 21:19:02 | 004,893,111 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\REWE_Broschuere_09.pdf
[2012.04.21 17:52:21 | 001,345,382 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Fakten_und_Zahlen_zum_deutschen_Reisemarkt_2010.pdf
[2012.04.18 11:08:31 | 003,068,147 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Julian Wilke Mitarbeiter Kundendatenbankmanagement_CRM-System.pdf
[2012.04.17 22:00:05 | 000,065,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\congstar_ManagerReporting_Datawarehouse_C40.pdf
[2012.04.17 12:55:01 | 000,492,262 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\artikel_stadtanzeiger_2011_web.jpg
[2012.04.16 20:52:55 | 000,039,999 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CV_Julian Wilke.pdf
[2012.04.07 12:10:16 | 000,035,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\facebook_disconnect-2.1.1-fx.xpi
[2012.04.06 20:08:23 | 005,200,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\die ärzte - Quadrophenia (offizielles Video).mp3
[2012.04.06 13:27:52 | 003,068,051 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Bewerbung Junior Manger operatives CRM Julian Wilke.pdf
[2012.04.01 11:32:36 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\iTunes.lnk
[2012.03.31 16:51:31 | 000,406,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\IMG_4212-001.JPG
[2012.03.31 14:47:43 | 000,052,956 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\51XZufENFML._SS500_.jpg
[2012.03.27 15:55:21 | 001,304,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnisse geringere Auflösung.pdf
[2012.03.27 15:52:20 | 000,088,116 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\3.pdf
[2012.03.27 15:51:52 | 000,110,190 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00002.JPG
[2012.03.27 15:49:56 | 000,277,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00001.JPG
[2012.03.27 15:48:25 | 000,258,306 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\2.pdf
[2012.03.27 15:47:12 | 000,328,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCI27032012_00000.JPG
[2012.03.27 15:45:35 | 000,399,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\CCF27032012_00000.pdf
[2012.03.27 15:36:47 | 000,215,806 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\1.pdf
[2012.03.27 10:49:59 | 000,554,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Julian Wilke\Desktop\Zeugnis Aktion Mensch geringere Auflösung.pdf
[2011.12.27 17:47:28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011.10.14 20:32:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.02.17 23:27:45 | 000,197,024 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.03 14:31:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

========== LOP Check ==========

[2008.05.18 13:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2007.03.03 15:25:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008.07.13 20:58:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Colormailer Photobooks
[2011.02.28 19:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2008.07.12 19:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2007.03.03 15:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2010.09.05 18:00:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ifolor
[2007.11.10 16:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.04.05 16:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2005.11.07 20:10:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NFS Underground
[2009.06.26 08:20:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008.12.23 16:22:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2007.11.17 16:14:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2008.08.07 18:53:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.12.27 14:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.05.03 17:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009.03.27 21:11:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.05.20 19:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.12.06 15:13:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.09.10 19:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.06.26 07:39:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.12.27 14:13:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2005.07.02 16:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\.cptool
[2011.04.06 19:54:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Amazon
[2011.10.21 18:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus
[2010.05.03 17:57:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Bytemobile
[2006.01.15 17:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Computent Systems
[2007.07.16 22:38:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DeepBurner
[2012.04.22 19:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Dropbox
[2012.03.31 14:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoft
[2011.08.07 14:11:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\DVDVideoSoftIEHelpers
[2008.07.12 19:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\fotobuch.de AG
[2008.01.07 20:41:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\FotoWire
[2011.02.26 22:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\gtk-2.0
[2007.03.18 20:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Haufe
[2007.10.13 10:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Hiermit startenRipIt4Me
[2007.08.26 18:16:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\InfraRecorder
[2005.03.13 15:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Kazaa Lite
[2009.04.05 16:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Lexware
[2009.06.27 16:14:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Nokia
[2009.11.27 23:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Notepad++
[2012.04.15 18:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Noup
[2009.06.26 08:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\PC Suite
[2008.01.11 19:29:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\PersBackup
[2011.03.01 19:18:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\ProtectDisc
[2007.07.15 20:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\RipIt4Me
[2011.09.18 16:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Scan2PDF
[2007.01.22 18:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\SlySoft
[2009.04.11 12:06:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\TuneUp Software
[2010.05.03 17:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Vodafone
[2009.10.26 21:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Webshots
[2012.04.23 18:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Wetuzet

========== Purity Check ==========

< End of report >

And here is the Extras.txt OTL logfile:

Code:
OTL Extras logfile created on: 25.04.2012 13:22:26 - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Dokumente und Einstellungen\Julian Wilke\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,25 Gb Total Physical Memory | 0,20 Gb Available Physical Memory | 15,86% Memory free
1,85 Gb Paging File | 1,04 Gb Available in Paging File | 56,18% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 75,31 Gb Total Space | 18,47 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive D: | 71,30 Gb Total Space | 12,38 Gb Free Space | 17,37% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,25 Gb Free Space | 10,32% Space Free | Partition Type: FAT32
Drive K: | 495,22 Mb Total Space | 493,82 Mb Free Space | 99,72% Space Free | Partition Type: FAT
Drive N: | 629,79 Gb Total Space | 553,90 Gb Free Space | 87,95% Space Free | Partition Type: NTFS

Computer Name: JULIANWILKE | User Name: Julian Wilke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1"
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8196:TCP" = 8196:TCP:*:Disabled:ppLive
"4226:UDP" = 4226:UDP:*:Disabled:ppLive
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Julian Wilke\Desktop\assimule-1o\assimule-1o~\eMule.exe" = C:\Dokumente und Einstellungen\Julian Wilke\Desktop\assimule-1o\assimule-1o~\eMule.exe:*:Enabled:eMule Plus
"C:\WINDOWS\system32\burst.dll" = C:\WINDOWS\system32\burst.dll:*:Disabled:burst -- ()
"C:\Programme\QuickTime\QuickTimePlayer.exe" = C:\Programme\QuickTime\QuickTimePlayer.exe:*:Disabled:QuickTime Player -- (Apple Inc.)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\fotobuch.de AG\Designer\Designer.exe" = C:\Programme\fotobuch.de AG\Designer\Designer.exe:*:Designer.exe
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- ()
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{31F08D1D-E42D-41F7-B53C-FDDA7D934C1E}" = Lernwerkstatt
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{570034FC-BC1E-4518-BD5D-6ACF49EB5865}" = Digitale Signatur für Elster
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59C95D15-5F24-435E-898D-3806961FC79D}" = Steuer 2006
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{86EC42B5-346E-4BAB-948D-58E021EA4BD1}" = ATI Catalyst Control Center
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31) "{F04D6A72-92D3-44FB-9005-A89065245E33}" = Steuer Update 15.01 "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "4Musics OGG to MP3 Converter v1.5" = 4Musics OGG to MP3 Converter v1.5 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AnyDVD" = AnyDVD "ATI Display Driver" = ATI Display Driver "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "C-Media Audio Driver" = C-Media WDM Audio Driver "coverXP" = coverXP (remove only) "dBpowerAMP Music Converter" = dBpowerAMP Music Converter "dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec "Designer 2.0_is1" = Designer 2.0 "doubleTwist desktop" = doubleTwist desktop "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "EAX Unified" = EAX Unified "ffdshow_is1" = ffdshow [rev 1685] [2007-12-06] "FormatFactory" = FormatFactory 2.00 
"FoxyTunesForFirefox" = FoxyTunes for Firefox "Free Studio_is1" = Free Studio version 5.1.5 "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "HandBrake" = HandBrake 0.9.3 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "ifolor-Designer" = ifolor Designer "InfraRecorder" = InfraRecorder "InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{31F08D1D-E42D-41F7-B53C-FDDA7D934C1E}" = Lernwerkstatt "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "James Bond 007: Nightfire" = James Bond 007: Nightfire "KLiteCodecPack_is1" = K-Lite Codec Pack 2.71 Full "Logitech Print Service" = Logitech Print Service "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notepad++" = Notepad++ "Ogg Vorbis aoTuV b4 SSE2" = Ogg Vorbis aoTuV b4 SSE2 "PDF Blender" = PDF Blender "Picasa 3" = Picasa 3 "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "QcDrv" = Logitech® Camera-Treiber "RealPlayer 6.0" = RealPlayer "Scan2PDF_is1" = Scan2PDF 1.6 "SopCast" = SopCast 3.0.3 "TuneUp Utilities" = TuneUp Utilities "TVUPlayer" = TVUPlayer 2.4.9.1 "Veetle TV" = Veetle TV 0.9.18 "Webshots Desktop" = Webshots Desktop "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 
runtime "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "e85bb7d0c32898ac" = DigitalPrintLab3 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.04.2012 16:31:21 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 20.04.2012 13:24:10 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.04.2012 05:06:42 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.04.2012 13:54:00 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 21.04.2012 13:57:14 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.04.2012 17:45:49 | Computer Name = JULIANWILKE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul bho_project.dll, Version 1.0.0.1, Fehleradresse 0x0000763c. 
Error - 22.04.2012 07:12:30 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 23.04.2012 12:30:26 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 24.04.2012 14:18:12 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 25.04.2012 07:18:59 | Computer Name = JULIANWILKE | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 25.04.2012 07:25:54 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 25.04.2012 07:25:54 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 25.04.2012 07:25:54 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 25.04.2012 07:25:54 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 25.04.2012 07:25:54 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 25.04.2012 07:25:54 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 25.04.2012 07:25:55 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126 Error - 25.04.2012 07:25:55 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023 
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126
Error - 25.04.2012 07:25:56 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126
Error - 25.04.2012 07:25:56 | Computer Name = JULIANWILKE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126
[ TuneUp Events ]
Error - 16.06.2010 15:15:43 | Computer Name = JULIANWILKE | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 17.06.2010 10:53:12 | Computer Name = JULIANWILKE | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 17.06.2010 17:00:41 | Computer Name = JULIANWILKE | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 18.06.2010 11:51:50 | Computer Name = JULIANWILKE | Source = TuneUp Program Statistics | ID = 131840
Description =
Error - 19.06.2010 04:09:59 | Computer Name = JULIANWILKE | Source = TuneUp Program Statistics | ID = 131840
Description =
< End of report >
7. CCleaner
Here is the list of the programs currently installed on my machine:
Code:
4Musics OGG to MP3 Converter v1.5 25.04.2012 Acronis*True*Image*Home Acronis 23.01.2010 235MB 11.0.8105 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 25.04.2012 11.0.1.152 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 25.04.2012 11.2.202.233 Adobe Reader 7.0.9 - Deutsch Adobe Systems Incorporated 06.10.2007 78,1MB 7.0.9 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 25.04.2012 11.5.2.602 Amazon MP3-Downloader 1.0.9 25.04.2012 Apple Application Support Apple Inc. 14.10.2011 62,9MB 2.1.5 Apple Mobile Device Support Apple Inc. 14.10.2011 24,1MB 4.0.0.96 Apple Software Update Apple Inc. 14.10.2011 2,38MB 2.1.3.127 ArcSoft Software Suite ArcSoft 23.01.2010 1.0 ArcSoft TotalMedia 3.5 ArcSoft 25.04.2012 3.5.28.260 ATI - Dienstprogramm zur Deinstallation der Software 25.04.2012 6.14.10.1012 ATI Catalyst Control Center 09.11.2005 166,6MB 1.2.2044.226 ATI Display Driver 25.04.2012 8.321-061122m-038463C-ATI ATI HYDRAVISION 25.04.2012 3.25.9006 AudibleManager Audible, Inc. 25.04.2012 2089948374.2089948436.2090393888.2089948394 Avira AntiVir Personal - Free Antivirus Avira GmbH 25.04.2012 10.2.0.707 Bonjour Apple Inc. 14.10.2011 0,73MB 3.0.0.10 Brother MFL-Pro Suite Brother Industries, Ltd. 08.10.2008 1.00 C-Media WDM Audio Driver 25.04.2012 Canon Utilities PhotoStitch 3.1 Canon 14.06.2005 3.1.9 CCleaner Piriform 25.04.2012 3.17 ClearType Tuning Control Panel Applet Microsoft Corporation 01.06.2005 0,25MB 1.01.0000 CloneDVD2 Elaborate Bytes 25.04.2012 Compatibility Pack für 2007 Office System Microsoft Corporation 17.01.2009 65,0MB 12.0.6021.5000 coverXP (remove only) 25.04.2012 dBpowerAMP Music Converter 25.04.2012 dBpowerAMP Ogg Vorbis Codec 25.04.2012 DeepBurner v1.8.0.224 16.07.2007 Designer 2.0 fotobuch.de AG 12.07.2008 7.7.1 DigitalPrintLab3 printeria 3.2.405.9040 doubleTwist desktop doubleTwist Corporation 25.04.2012 0.5.2.24 Dropbox Dropbox, Inc.
25.04.2012 1.2.52 DVD Decrypter (Remove Only) 25.04.2012 DVD Shrink 3.2 DVD Shrink 25.04.2012 EAX Unified 25.04.2012 ffdshow [rev 1685] [2007-12-06] 22.02.2008 1.0 FormatFactory 2.00 Free Time 25.04.2012 2.00 FoxyTunes for Firefox 25.04.2012 Free Studio version 5.1.5 DVDVideoSoft Limited. 07.08.2011 Google Earth Google 23.11.2011 92,8MB 6.1.0.5001 GPL Ghostscript 8.70 25.04.2012 Grand Theft Auto Vice City 25.04.2012 1.00.000 HandBrake 0.9.3 HandBrake 25.04.2012 0.9.3 ifolor Designer Ifolor AG 25.04.2012 2.4.22.591 InfraRecorder 25.04.2012 InterVideo WinDVD Creator 2 InterVideo Inc. 25.04.2012 2.0.14.343 iPhone-Konfigurationsprogramm Apple Inc. 10.09.2009 22,4MB 2.1.0.163 iTunes Apple Inc. 14.10.2011 168,7MB 10.5.0.142 James Bond 007: Nightfire Electronic Arts 25.04.2012 Java 2 Runtime Environment, SE v1.4.2_03 Sun Microsystems, Inc. 13.03.2005 136,7MB 1.4.2_03 Java(TM) 6 Update 10 Sun Microsystems, Inc. 18.12.2008 90,5MB 6.0.100 Java(TM) 6 Update 2 Sun Microsystems, Inc. 28.07.2007 111,2MB 1.6.0.20 Java(TM) 6 Update 3 Sun Microsystems, Inc. 28.10.2007 111,3MB 1.6.0.30 Java(TM) 6 Update 5 Sun Microsystems, Inc. 27.04.2008 114,2MB 1.6.0.50 Java(TM) 6 Update 7 Sun Microsystems, Inc. 09.07.2008 114,3MB 1.6.0.70 Java(TM) SE Runtime Environment 6 Update 1 Sun Microsystems, Inc. 30.04.2007 134,1MB 1.6.0.10 K-Lite Codec Pack 2.71 Full 25.04.2012 2.71 Lernwerkstatt Medienwerkstatt Mühlacker Verlagsgesellschaft mbH 03.08.2007 6.00.0000 Lexware Info Service Haufe-Lexware GmbH & Co.KG 22.05.2011 12,4MB 2.70.00.0081 Logitech Print Service 25.04.2012 Logitech QuickCam-Software Logitech, Inc. 
25.04.2012 8.41.0000 Logitech® Camera-Treiber 25.04.2012 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 25.04.2012 1.61.0.1400 Microsoft .NET Framework 1.1 12.04.2012 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 12.04.2012 185,2MB 2.2.30729 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 10.07.2009 6,30MB 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 26.06.2010 209MB 3.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 10.07.2009 37,5MB 3.2.30729 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 25.04.2012 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 11.01.2012 Microsoft Office XP Professional mit FrontPage Microsoft Corporation 12.03.2005 279MB 10.0.2701.0 Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Corporation 26.06.2009 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 31.01.2008 5,21MB 8.0.56336 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.11.2009 10,3MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.01.2011 10,2MB 9.0.30729.4148 MobileMe Control Panel Apple Inc. 14.10.2011 12,0MB 3.1.6.0 Mozilla Firefox 11.0 (x86 de) Mozilla 25.04.2012 11.0 MSXML 4.0 SP2 (KB927978) Microsoft Corporation 10.03.2007 2,56MB 4.20.9841.0 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 18.08.2007 2,62MB 4.20.9848.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.11.2008 2,67MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 2,77MB 4.20.9876.0 Need for Speed™ Most Wanted 25.04.2012 Nokia Connectivity Cable Driver Nokia 10.11.2007 0,96MB 6.84.4.0 Notepad++ 25.04.2012 5.5 Ogg Vorbis aoTuV b4 SSE2 25.04.2012 PaperPort Image Printer Nuance Communications, Inc. 
08.10.2008 1,98MB 1.00.0000 PC Connectivity Solution Nokia 10.11.2007 8,91MB 7.22.7.1 PC Inspector File Recovery 25.04.2012 4.0 PDF Blender 25.04.2012 PDFCreator Frank Heindörfer, Philip Chinery 24.03.2007 33,3MB 0.9.3 Picasa 3 Google, Inc. 25.04.2012 3.8 Protect Disc License Helper 1.0.118 Protect Disc 25.04.2012 1.0.118 ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 25.04.2012 11.0.0.12 QuickTime Apple Inc. 06.06.2011 73,7MB 7.69.80.9 RealPlayer 25.04.2012 Scan2PDF 1.6 Koma-Code 18.09.2011 ScanSoft PaperPort 11 Nuance Communications, Inc. 08.10.2008 130,3MB 11.1.0000 SES Driver Western Digital 07.08.2011 24,00KB 1.0.0 Skype™ 5.5 Skype Technologies S.A. 24.10.2011 17,0MB 5.5.124 SopCast 3.0.3 SopCast.com 25.04.2012 3.0.3 Steuer 2010 Haufe-Lexware GmbH & Co.KG 04.07.2011 467MB 17.05.00.0003 TuneUp Utilities TuneUp Software 27.12.2010 9.0.5100.2 Turbo Lister 2 eBay 11.12.2007 2.0.0 TVUPlayer 2.4.9.1 TVU networks 25.04.2012 2.4.9.1 Veetle TV 0.9.18 Veetle, Inc 25.04.2012 0.9.18 Vodafone Mobile Connect Lite Vodafone 03.05.2010 30,2MB 9.4.3.17550 Webshots Desktop 25.04.2012 Winamp (remove only) 25.04.2012 Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 07.03.2010 1.0 Windows Internet Explorer 8 Microsoft Corporation 12.09.2009 20090308.140743 Windows Media Format 11 runtime 25.04.2012 Windows XP Service Pack 3 Microsoft Corporation 20.10.2008 20080414.031514 WinRAR Archivierer 25.04.2012
Thanks again for your help.
Regards, Julian
#4
/// Helper team
National Cyber Crime Trojan / Logfiles. Next steps...
► You did not post the Malwarebytes log completely, please try again!
For a thorough cleanup a few more steps are needed:
1. For your information:
Code:
SopCast
2. Tips (regardless of whether you use it or not!):
-> Change the default search engine in Internet Explorer
-> Changing or selecting a search provider in Internet Explorer 7/8
-> How do I clear the cache in Internet Explorer?
-> Customise Firefox with add-ons
-> Permanently delete Firefox add-ons | PcBeirat.de
3. Quote:
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\JULIAN~1\LOKALE~1\Temp\oUltraf.sys -- (oUltraf)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\Vax347b.sys -- (Vax347b)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {2770C1C9-C9CD-425F-8931-18B47AFCB845}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{2770C1C9-C9CD-425F-8931-18B47AFCB845}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{67F8C25F-CDE5-44FB-9284-4A51A4F06C82}: "URL" = http://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{A3BB2C5C-D72B-4A3C-8E32-0E38FA9F0E0D}: "URL" = http://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D2CD054C-F5AA-4CDC-83F5-568E426A98A5}: "URL" = http://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - user.js - File not found
[2011.10.03 13:32:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.03 13:32:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
[2012.04.25 13:18:25 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.25 13:08:08 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dokumente und Einstellungen\Julian Wilke\Desktop\assimule-1o\assimule-1o~\eMule.exe" =-
:Files
C:\DOKUME~1\JULIAN~1\LOKALE~1\Temp\oUltraf.sys
C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. Your Java version is not up to date! Because of old security holes Java is very vulnerable, so first uninstall all existing Java versions: → Control Panel → Add or Remove Programs → uninstall... → restart the computer → Now download the offline version of Java, "recommended version 6 Update 31", from Oracle. Make sure to deselect any toolbars that may be offered (remove the checkmark next to the toolbar)!
5. Update Adobe Reader: - Pay attention and read carefully during installation! If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader. Or: start Adobe -> go to "Help" -> "Check for updates..."
6. Clean your system with CCleaner:
7. File check: Have the following file(s) (see code box) checked online at VirusTotal.
►File(s) to check:
Code:
C:\WINDOWS\System32\drivers\bpjoickl.sys
► Example - the VirusTotal log you post should look like the one here. So do not leave anything out; paste it in exactly as you receive it: the scan results including the file name!
Code:
File
File name: <file name goes here>
Submission date: 2010-10-22 03:34:01 (UTC)
Current status: queued queued analysing finished
Result: .....%
VT Community goodware/badware
Safety score: 100.0%
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.22.00 2010.10.21 -
AntiVir 7.10.13.15 2010.10.21 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 -
Avast 4.8.1351.0 2010.10.21 -
Avast5 5.0.594.0 2010.10.21 -
etc. ... the file is checked by more than 40 online virus scanners... so be patient!!
__________________
Warning!: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can!
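One way to pick indicators like the ones fixed above out of an OTL report mechanically, as an added example that is not part of this thread or of OTL itself: the function below parses three of the line formats quoted in the reports (orphaned "File not found" drivers, firewall AuthorizedApplications exceptions and MountPoints2 AutoRun commands) and flags entries that point into user-writable folders, the pattern behind the oUltraf.sys driver in Temp and the eMule exception on the desktop. The sample lines are constructed from the reports with the user name replaced; the folder list is a heuristic assumption.

```python
import re

# Heuristic (assumption): folders a normal user can write to; on this XP-era
# machine that is where the orphaned driver (\Temp\) and the eMule firewall
# exception (\Desktop\) lived. German and 8.3 short names are included.
USER_WRITABLE = re.compile(
    r"\\(?:temp|desktop|anwendungsdaten|appdata|lokale~1|lokale einstellungen|users)\\",
    re.IGNORECASE,
)

# "DRV - File not found [flags] -- path -- (service name)"
DRV_MISSING = re.compile(
    r"^DRV - File not found \[(?P<flags>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
# Firewall exception: "path" = path:scope:Enabled|Disabled:name -- (company)
FW_ENTRY = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled)'
    r":(?P<name>.*?)(?: -- \((?P<company>[^)]*)\))?$"
)
# Per-volume AutoRun command cached under MountPoints2
AUTORUN_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<mp>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)


def triage_otl(lines):
    """Return a list of (kind, detail) findings for lines copied from an OTL report."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = DRV_MISSING.match(line)
        if m:
            # A registered kernel driver whose file is gone is either an
            # uninstall leftover or a dropper that cleaned up after itself.
            kind = "orphan-driver"
            if USER_WRITABLE.search(m.group("path")):
                kind += "-user-writable"
            findings.append((kind, f"{m.group('name')} -> {m.group('path')} [{m.group('flags')}]"))
            continue
        m = FW_ENTRY.match(line)
        if m:
            # Only active exceptions matter; a disabled one opens nothing.
            if m.group("state") == "Enabled" and USER_WRITABLE.search(m.group("path")):
                findings.append(("fw-exception-user-writable",
                                 f"{m.group('name') or '(unnamed)'} -> {m.group('path')}"))
            continue
        m = AUTORUN_CMD.match(line)
        if m:
            # Cached AutoRun commands run whatever sits on that drive letter next time.
            findings.append(("autorun-command", f"{m.group('mp')} -> {m.group('cmd')}"))
    return findings


# Constructed sample lines modelled on the reports in this thread (user name replaced).
SAMPLE_LINES = [
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\BENUTZ~1\LOKALE~1\Temp\oUltraf.sys -- (oUltraf)",
    r"DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\Vax347b.sys -- (Vax347b)",
    r'"C:\Dokumente und Einstellungen\Benutzer\Desktop\assimule-1o\assimule-1o~\eMule.exe" = C:\Dokumente und Einstellungen\Benutzer\Desktop\assimule-1o\assimule-1o~\eMule.exe:*:Enabled:eMule Plus',
    r'"C:\WINDOWS\system32\burst.dll" = C:\WINDOWS\system32\burst.dll:*:Disabled:burst -- ()',
    r'"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)',
    r'"C:\Dokumente und Einstellungen\Benutzer\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Benutzer\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)',
    r'"C:\Programme\fotobuch.de AG\Designer\Designer.exe" = C:\Programme\fotobuch.de AG\Designer\Designer.exe:*:Designer.exe',
    r'O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence',
]

if __name__ == "__main__":
    for kind, detail in triage_otl(SAMPLE_LINES):
        print(f"{kind:30} {detail}")
```

Legitimate per-user installs such as Dropbox trip the same folder heuristic, so the findings are a review list, not a deletion list.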
#5
National Cyber Crime Trojan / Logfiles. Next steps...
Hello Kira, thanks for your reply. I carried out all the steps, but two of them gave me problems. One thing at a time, though. First, once again the complete Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.25.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julian Wilke :: JULIANWILKE [administrator]
25.04.2012 13:32:57
mbam-log-2012-04-25 (13-32-57).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404217
Time elapsed: 2 hour(s), 38 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 7
HKCR\CLSID\{cbc5b60a-aa4d-45f6-84c2-d086f320299a} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBC5B60A-AA4D-45F6-84C2-D086F320299A} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 10
C:\Programme\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Programme\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\Programme\Object\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\content (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Files Detected: 32 C:\Programme\Object\ChromeAddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\bho_project.dll (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\content\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. 
C:\Programme\Object\facetheme\content\firefoxOverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\defaults\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\defaults\preferences\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\files (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\locale\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\locale\en-US\.DS_Store (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully. C:\Programme\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully. 
C:\Programme\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\04252012_114249\C_Dokumente und Einstellungen\Julian Wilke\Lokale Einstellungen\Temp\wpbt0.dll (Trojan.Agent.IPLGen) -> Quarantined and deleted successfully.
(end)
3. OTL
Here I again got several error messages saying that a drive was not present. I just clicked Continue each time. Here is the log:
Code:
All processes killed
========== OTL ==========
Service oUltraf stopped successfully!
Service oUltraf deleted successfully!
File C:\DOKUME~1\JULIAN~1\LOKALE~1\Temp\oUltraf.sys not found.
Error: No service named Vax347b was found to stop!
Service\Driver key Vax347b not found.
File system32\DRIVERS\Vax347b.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2770C1C9-C9CD-425F-8931-18B47AFCB845}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2770C1C9-C9CD-425F-8931-18B47AFCB845}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67F8C25F-CDE5-44FB-9284-4A51A4F06C82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67F8C25F-CDE5-44FB-9284-4A51A4F06C82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A3BB2C5C-D72B-4A3C-8E32-0E38FA9F0E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BB2C5C-D72B-4A3C-8E32-0E38FA9F0E0D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D2CD054C-F5AA-4CDC-83F5-568E426A98A5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2CD054C-F5AA-4CDC-83F5-568E426A98A5}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba36d16-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba36d16-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba36d16-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba36d16-56cc-11df-9000-001109a85e4d}\ not found. File F:\setup_vmc_lite.exe /checkApplicationPresence not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba36d17-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba36d17-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba36d17-56cc-11df-9000-001109a85e4d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ba36d17-56cc-11df-9000-001109a85e4d}\ not found. File F:\setup_vmc_lite.exe /checkApplicationPresence not found. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Dokumente und Einstellungen\Julian Wilke\Desktop\assimule-1o\assimule-1o~\eMule.exe deleted successfully. ========== FILES ========== File\Folder C:\DOKUME~1\JULIAN~1\LOKALE~1\Temp\oUltraf.sys not found. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\updates folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\torrents folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\tmp folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\shares folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\plugins folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\net folder moved successfully. 
C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\logs\save folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\logs folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\dht folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus\active folder moved successfully. C:\Dokumente und Einstellungen\Julian Wilke\Anwendungsdaten\Azureus folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Dokumente und Einstellungen\Julian Wilke\Desktop\cmd.bat deleted successfully. C:\Dokumente und Einstellungen\Julian Wilke\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Administrator.JULIANWILKE ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Julian Wilke ->Temp folder emptied: 80806 bytes ->Temporary Internet Files folder emptied: 33924 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 413414335 bytes ->Flash cache emptied: 2125 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 33432 bytes RecycleBin emptied: 1532106305 bytes Total Files Cleaned = 1.856,00 mb OTL by OldTimer - Version 3.2.42.0 log created on 04262012_165730 
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\SC2FA5AB6.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...

5. Adobe Reader also updated.
6. Fixed all errors with CCleaner and rebooted.
7. I could not find the file C:\WINDOWS\System32\drivers\bpjoickl.sys. The search turned up nothing; I also looked in the folder myself and checked the hidden files, but there was nothing there either. Could it be that the file has been deleted?

Is there anything else to do, or is everything OK again now?

Thanks again for your help.
Regards, Julian
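An OTL fix log of the kind posted above is long, and the lines that matter for the next step are the ones that did not end in "successfully": items that were not found, items OTL reports as errors, and above all items that were only "scheduled to be moved on reboot", which still existed when the log was written and must be re-checked after the restart. The following triage script is an added example for this thread, not part of OTL or of the poster's material; the line patterns are assumptions derived from the log format visible here, and the sample log is constructed, not a real run.

```python
"""Triage an OTL fix log: what succeeded, what was missing, what is still pending.

Added example, not OTL's own code. The regexes below are assumptions about
OTL's fix-log wording ("deleted successfully", "not found", "scheduled to be
moved on reboot"); the SAMPLE_LOG is constructed to mirror that format.
"""
import re
from collections import Counter

# Constructed sample in OTL fix-log style (not a real log; paths are made up).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Service evilsvc stopped successfully!
Service evilsvc deleted successfully!
File C:\DOKUME~1\USER~1\LOKALE~1\Temp\evilsvc.sys not found.
Error: No service named oldsvc was found to stop!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}\ deleted successfully.
C:\Programme\Example\plugin.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 80806 bytes
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\EXAMPLE1.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

# Order matters: a line like "File move failed. ... scheduled to be moved on
# reboot." must land in pending_reboot, not in failed.
PATTERNS = [
    ("pending_reboot", re.compile(r"scheduled to be (moved|deleted) on reboot", re.I)),
    ("failed",         re.compile(r"\b(failed|error)\b", re.I)),   # conservative: surface anything OTL calls Error
    ("not_found",      re.compile(r"\bnot found\b", re.I)),
    ("ok",             re.compile(r"\b(successfully|emptied|removed)\b", re.I)),
]
PATH_RX = re.compile(r"(\S+) scheduled to be")


def classify(line: str) -> str:
    """Map one log line to pending_reboot / failed / not_found / ok / info."""
    for label, rx in PATTERNS:
        if rx.search(line):
            return label
    return "info"


def triage(log_text: str) -> dict:
    """Count outcomes and collect the lines a human must look at again."""
    counts = Counter()
    pending, failed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        # skip blanks and section markers such as "========== OTL ==========" / "[EMPTYTEMP]"
        if not line or line.startswith("=") or line.startswith("["):
            continue
        label = classify(line)
        counts[label] += 1
        if label == "pending_reboot":
            pending.append(line)
        elif label == "failed":
            failed.append(line)
    return {"counts": dict(counts), "pending": pending, "failed": failed}


def pending_paths(result: dict) -> list:
    """Paths that still existed at log time; verify they are gone after the reboot."""
    out = []
    for line in result["pending"]:
        m = PATH_RX.search(line)
        if m:
            out.append(m.group(1))
    return out


def verdict(result: dict) -> str:
    """'clean' only if nothing is pending and nothing errored; otherwise re-check."""
    return "clean" if not result["pending"] and not result["failed"] else "recheck"


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("counts:", r["counts"])
    print("verify after reboot:", pending_paths(r))
    print("verdict:", verdict(r))
```

On a real log, feed the file contents to `triage()`; "not found" entries are usually harmless (the fix line targeted something already gone) but the `pending` list is the one to confirm by hand, which is exactly the situation with the `.tmp` file in the log above.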
#6 Helfer-Team

Quote:
1. Runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention! IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It is NOT sensible to make a second attempt!
To get a deeper look into your system and to track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool, Gmer:
** no connection to any network or the Internet; do not forget WLAN
When the scan is finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

2. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)
With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
3. Another scan with OTL:
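Step 2 above asks whether the Master Boot Record "is in order". Structurally that means three things: the 0x55AA boot signature is intact, the four partition-table entries are sane, and the 440 bytes of bootstrap code match a known-clean reference, because an MBR bootkit replaces or patches exactly that code. The script below is an added example for this thread and is not the code of GMER's mbr.exe; the 512-byte MBR it checks is constructed in the script, and the "known-good" hash is taken from that constructed copy. One caveat a practitioner should keep in mind: this parses bytes it is handed, so on a live system a rootkit that filters sector reads can still feed it a clean-looking copy, which is why the helper's tool reads the disk in more than one way and why the instructions say to run the checks offline.

```python
"""Parse and sanity-check a 512-byte MBR the way an MBR-rootkit check does.

Added example; not mbr.exe or GMER code. The MBR bytes are constructed and the
bootstrap code is a placeholder, so the reference hash only proves the idea:
compare the boot code of the disk you are examining with a known-clean copy.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bootstrap area precedes the 4-byte disk signature
TABLE_OFFSET = 446         # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"    # boot signature at offset 510
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed 'known-good' MBR: placeholder boot code + one active NTFS partition."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)  # assumed filler
    disk_sig = struct.pack("<I", 0xDEADBEEF)
    reserved = b"\x00\x00"
    entry1 = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 2048, 157_896_704)
    empty = b"\x00" * 16
    mbr = boot_code + disk_sig + reserved + entry1 + empty * 3 + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(buf: bytes) -> dict:
    """Split the first sector into boot code hash, disk signature and partition table."""
    if len(buf) < SECTOR:
        raise ValueError("need at least 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, buf, TABLE_OFFSET + 16 * i)
        if ptype != 0:                       # type 0 = unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(buf[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", buf, 440)[0],
        "signature_ok": buf[510:512] == SIGNATURE,
        "partitions": parts,
    }


def check_mbr(buf: bytes, reference_boot_hash: str) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    info = parse_mbr(buf)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != reference_boot_hash:
        findings.append("bootstrap code differs from reference (possible bootkit)")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has zero start or size")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def tamper_boot_code(buf: bytes) -> bytes:
    """Simulate what a bootkit does: patch the start of the bootstrap code (constructed patch)."""
    patched = bytearray(buf)
    patched[0:3] = b"\xEB\xFE\x90"
    return bytes(patched)


if __name__ == "__main__":
    good = build_sample_mbr()
    ref = parse_mbr(good)["boot_code_sha256"]
    print("clean MBR findings:   ", check_mbr(good, ref) or ["none"])
    print("tampered MBR findings:", check_mbr(tamper_boot_code(good), ref))
```

To use it on a real disk you would read the first 512 bytes of the physical device (with administrative rights) and pass a reference hash recorded from the same disk while it was known to be clean, or from the installer's standard boot code; without such a reference the hash comparison has nothing to compare against and only the structural checks apply.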