| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: tr/spy.zbot.apcm tan abfrage. Hier die LOG FilesWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.09.2010, 17:57
| #1 |
 |  tr/spy.zbot.apcm tan abfrage. Hier die LOG Files Hatte vor ein paar Tagen im online banking mit der deutschen Bank ein "popup" in dem ich alle meine 100 Tans eingeben sollte. Antivir hab ich laufen lassen gefundene Sachen entfernt. Heute kommt der im Titel angegebene Hinweis. Hab alle Schritte durchgeführt. Anbei die Log-files. Is der PC nu wieder saubär ? mbam Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4711
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28.09.2010 17:43:49
mbam-log-2010-09-28 (17-43-49).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153642
Laufzeit: 8 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{f2d7eaa6-9a6c-367a-7592-01c9004b07de} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\Andreas\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Zuveiq\nyiny.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:50 on 28/09/2010 (Andreas)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
otl.txt Code:
ATTFilter OTL logfile created on: 28.09.2010 18:15:50 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\Andreas\Desktop\MFTools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 372,00 Mb Available Physical Memory | 36,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,14 Gb Total Space | 2,28 Gb Free Space | 2,45% Space Free | Partition Type: FAT32 Drive D: | 691,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANDI Current User Name: Andreas Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.09.28 17:17:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\MFTools\OTL.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.09.02 01:27:44 | 001,499,136 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe PRC - [2009.08.06 12:16:30 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.18 01:46:08 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009.03.02 12:08:44 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.07.11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2007.06.13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe PRC - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.03.16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe PRC - [2006.04.29 14:21:30 | 000,094,208 | ---- | M] (Elaborate Bytes AG) -- C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe PRC - [2005.12.28 12:00:56 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EOUWiz.exe PRC - [2005.12.28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2005.12.28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2005.12.28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2005.12.28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe PRC - [2005.12.28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe PRC - [2005.12.28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe PRC - [2005.03.02 21:52:08 | 000,057,344 | ---- | M] () -- C:\Programme\Asus\Wireless Console\wcourier.exe PRC - [2005.02.08 06:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE PRC - [2004.12.21 23:23:38 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2004.08.22 11:09:24 | 000,532,480 | ---- | M] (Sphairon Access Systems GmbH) -- C:\Programme\Sphairon\UB801R USB Wireless LAN Card\Installer\WINXP\ScConfig2500USB.exe PRC - [2003.09.19 12:54:44 | 000,172,032 | ---- | M] () -- C:\Programme\Asus\ASUS Live Update\ALU.exe PRC - [2003.09.12 20:25:30 | 000,032,768 | ---- | M] (asus) -- C:\Programme\Asus\Asus ChkMail\ChkMail.exe PRC - [2001.03.23 03:32:34 | 000,436,224 | ---- | M] (ASUSTeK Computer Inc) -- C:\Programme\Asus\ASUS Probe\AsusProb.exe ========== Modules (SafeList) ========== MOD - [2010.09.28 17:17:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\MFTools\OTL.exe MOD - [2008.04.14 03:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008.04.13 19:36:48 | 002,981,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll MOD - [2004.12.21 23:23:38 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2009.08.31 13:03:54 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.06 12:16:30 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.18 01:46:08 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.06.05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007.04.03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2006.11.16 16:00:36 | 001,138,880 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe -- (SandraTheSrv) SRV - [2006.11.16 15:59:58 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe -- (SandraDataSrv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.12.28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2005.12.28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2005.12.28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2003.11.08 02:01:14 | 000,278,528 | ---- | M] (HP) [Auto | Stopped] -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Temp\hpdj.exe -- (hpdj) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- G:\WINSTRESS\UXDCMN.SYS -- (UXDCMN) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2009.12.07 17:48:22 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.07.18 01:46:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.07.18 01:46:08 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:02 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 17:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2007.10.11 11:31:14 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x) DRV - [2007.06.19 08:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm) DRV - [2007.06.19 08:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) DRV - [2007.06.19 08:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) DRV - [2007.06.19 08:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex) DRV - [2007.06.19 08:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) DRV - [2007.06.19 08:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl) DRV - [2007.06.19 08:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM) DRV - [2007.04.24 12:11:26 | 000,026,056 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2007.04.03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007.01.24 00:23:16 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.12.26 14:54:36 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2006.04.22 20:59:22 | 000,024,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\VClone.sys -- (VClone) DRV - [2005.12.28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005.09.12 09:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2005.05.25 01:55:58 | 003,134,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005.04.12 09:41:22 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2005.03.22 08:00:58 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.02.17 08:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005.01.16 15:48:00 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2005.01.16 15:48:00 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.01.16 15:48:00 | 000,163,328 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2004.12.21 23:23:34 | 000,186,240 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2004.10.15 16:26:00 | 000,057,088 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\R592.sys -- (R592) DRV - [2004.10.15 16:26:00 | 000,027,264 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys -- (risdpntk) DRV - [2004.08.13 16:38:18 | 000,140,544 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB) DRV - [2004.07.06 19:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D) DRV - [2004.06.01 18:04:00 | 000,142,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp) DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [2000.03.29 14:17:42 | 000,005,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio) DRV - [1997.04.22 18:16:00 | 000,006,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.12.08 14:35:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.12.08 14:35:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2010.06.02 08:36:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins [2008.09.06 08:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions [2006.12.08 14:35:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions [2010.04.27 11:46:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.07 20:45:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.09.17 13:57:46 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.27 10:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.27 12:37:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.10 18:18:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\illimitux@illimitux.net [2009.05.27 22:33:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\moveplayer@movenetworks.com [2010.06.27 10:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\toolbar@ask.com [2010.04.27 11:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\extensions\youtube2mp3@mondayx.de [2010.06.02 08:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Sunbird\Profiles\dhaqgj61.default\extensions [2010.07.15 23:05:16 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\jcrjv9b6.default\searchplugins\conduit.xml [2006.12.08 14:35:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.12.08 14:35:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.07.02 07:50:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008.09.04 15:48:26 | 000,000,000 | ---D | M] (Smart Notebook Extension) -- C:\Programme\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262} [2005.08.17 10:49:08 | 000,036,864 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npSfAppM.dll [2010.04.12 17:29:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.04.04 14:07:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.04 14:07:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.04 14:07:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.04 14:07:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.04 14:07:26 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ASUS Live Update] C:\Programme\Asus\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [ASUS Probe] C:\Programme\Asus\ASUS Probe\AsusProb.exe (ASUSTeK Computer Inc) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [Wireless Console] C:\Programme\Asus\Wireless Console\wcourier.exe () O4 - HKLM..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd File not found O4 - HKCU..\Run: [BitTorrent] C:\Programme\BitTorrent\bittorrent.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS ChkMail.lnk = C:\Programme\Asus\Asus ChkMail\ChkMail.exe (asus) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScConfig2500USB.lnk = C:\Programme\Sphairon\UB801R USB Wireless LAN Card\Installer\WINXP\ScConfig2500USB.exe (Sphairon Access Systems GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165435245078 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.12.06 19:58:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [1998.12.13 16:43:32 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{05612eaa-2e90-11dd-91cc-00150015c83e}\Shell\AutoRun\command - "" = J:\EmDesk.exe -- File not found O33 - MountPoints2\{05612eaa-2e90-11dd-91cc-00150015c83e}\Shell\EmDesk\command - "" = J:\EmDesk.exe -- File not found O33 - MountPoints2\{7123169a-c957-11de-9710-00150015c83e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7123169a-c957-11de-9710-00150015c83e}\Shell\AutoRun\command - "" = G:\sejo\\kalac.exe -- File not found O33 - MountPoints2\{7123169a-c957-11de-9710-00150015c83e}\Shell\explore\command - "" = G:\sejo\kalac.exe -- File not found O33 - MountPoints2\{7123169a-c957-11de-9710-00150015c83e}\Shell\open\command - "" = G:\sejo\\kalac.exe -- File not found O33 - MountPoints2\{793f7596-e780-11db-8e13-00150015c83e}\Shell\AUToPlAy\cOmmand - "" = uehwd.pif O33 - MountPoints2\{793f7596-e780-11db-8e13-00150015c83e}\Shell\AutoRun\command - "" = uehwd.pif O33 - MountPoints2\{793f7596-e780-11db-8e13-00150015c83e}\Shell\eXploRE\COmMANd - "" = uehwd.pif O33 - MountPoints2\{793f7596-e780-11db-8e13-00150015c83e}\Shell\opeN\cOmmanD - "" = uehwd.pif O33 - MountPoints2\{9ea50ab4-6203-11dc-8f39-00150015c83e}\Shell - "" = AutoRun O33 - MountPoints2\{9ea50ab4-6203-11dc-8f39-00150015c83e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9ea50ab4-6203-11dc-8f39-00150015c83e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{9ea50ab5-6203-11dc-8f39-00150015c83e}\Shell - "" = AutoRun O33 - MountPoints2\{9ea50ab5-6203-11dc-8f39-00150015c83e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9ea50ab5-6203-11dc-8f39-00150015c83e}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{a715d74a-7a77-11dd-92dc-00150015c83e}\Shell\AutoRun\command - "" = G:\jdhc2x2.com -- File not found O33 - MountPoints2\{a715d74a-7a77-11dd-92dc-00150015c83e}\Shell\explore\Command - "" = G:\jdhc2x2.com -- File not found O33 - MountPoints2\{a715d74a-7a77-11dd-92dc-00150015c83e}\Shell\open\Command - "" = G:\jdhc2x2.com -- File not found O33 - MountPoints2\{c4abfdaa-47fa-11df-98b3-00150015c83e}\Shell - "" = AutoRun O33 - MountPoints2\{c4abfdaa-47fa-11df-98b3-00150015c83e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4abfdaa-47fa-11df-98b3-00150015c83e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{f7361e14-6109-11de-95d1-00150015c83e}\Shell\AutoRun\command - "" = p6xebrnt.exe O33 - MountPoints2\{f7361e14-6109-11de-95d1-00150015c83e}\Shell\open\Command - "" = p6xebrnt.exe O33 - MountPoints2\{f74e6bd2-98d8-11db-8d29-00150015c83e}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O33 - MountPoints2\{fd15f162-a5e1-11dd-938f-00150015c83e}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe O33 - MountPoints2\{fd15f162-a5e1-11dd-938f-00150015c83e}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe O33 - MountPoints2\{fff3594c-a2e7-11df-9a00-00150015c83e}\Shell - "" = Autorun O33 - MountPoints2\{fff3594c-a2e7-11df-9a00-00150015c83e}\Shell\AutoRun\command - "" = G:\Install_Nokia_Ovi_Suite.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation) Unable to start service SrService! ========== Files/Folders - Created Within 30 Days ========== [2010.09.28 17:31:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.09.28 17:29:59 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.09.28 17:19:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Malwarebytes [2010.09.28 17:18:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.28 17:18:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.09.28 17:18:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.28 17:18:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.28 17:15:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Desktop\MFTools [2010.09.24 08:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2010.09.24 08:13:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2010.09.24 07:27:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\ForceField Shared Files [2010.09.24 07:27:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\CheckPoint [2010.09.24 07:21:20 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2010.09.24 07:21:09 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll [2010.09.22 14:42:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Zuveiq [2010.09.22 14:42:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Xatoag [2010.09.17 08:53:44 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010.09.16 23:02:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Nokia [2010.09.16 23:01:39 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2010.09.16 23:01:38 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2010.09.16 23:01:31 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2010.09.16 23:00:56 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll [2010.09.16 19:28:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010.09.16 19:26:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2010.09.16 19:26:23 | 000,000,000 | ---D | C] -- C:\Programme\Nokia [2010.09.09 19:41:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.28 18:01:02 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.09.28 17:53:32 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.09.28 17:53:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.28 17:53:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.28 17:51:54 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andreas\NTUSER.DAT [2010.09.28 17:51:54 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Andreas\ntuser.ini [2010.09.28 17:49:58 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable [2010.09.28 17:30:02 | 000,000,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\NTREGOPT.lnk [2010.09.28 17:30:02 | 000,000,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\ERUNT.lnk [2010.09.28 17:18:54 | 000,000,580 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:17:20 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Gmer.zip [2010.09.28 17:17:20 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\defogger.exe [2010.09.28 14:18:20 | 000,323,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\liste_1_A3+-+SEKT.pdf [2010.09.28 14:18:02 | 000,392,278 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\liste_2_A3+-+THEKE+L-R.pdf [2010.09.24 07:21:18 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010.09.23 13:18:56 | 000,003,340 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\bahncardabokuendigung.pdf [2010.09.20 19:20:34 | 000,000,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\grstyles.stl [2010.09.18 18:32:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.16 23:33:32 | 001,392,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\DSCN0177.JPG [2010.09.16 19:36:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010.09.16 19:30:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.09.16 19:30:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.09.16 19:28:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.09.10 21:40:18 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.09.09 21:34:02 | 000,071,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.09 19:40:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.09.08 11:51:20 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB [2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.28 17:49:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable [2010.09.28 17:30:00 | 000,000,495 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\NTREGOPT.lnk [2010.09.28 17:30:00 | 000,000,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\ERUNT.lnk [2010.09.28 17:18:52 | 000,000,580 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.28 17:16:39 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\defogger.exe [2010.09.28 17:16:03 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Gmer.zip [2010.09.28 14:18:18 | 000,323,525 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\liste_1_A3+-+SEKT.pdf [2010.09.28 14:17:59 | 000,392,278 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\liste_2_A3+-+THEKE+L-R.pdf [2010.09.24 07:21:17 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2010.09.23 13:18:54 | 000,003,340 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\bahncardabokuendigung.pdf [2010.09.16 23:33:24 | 001,392,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\DSCN0177.JPG [2010.09.16 19:36:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010.09.16 19:28:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.01.16 22:09:41 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.01.16 22:09:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.11.29 10:57:58 | 000,011,763 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini [2009.04.02 11:10:53 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008.11.26 23:26:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.02.09 22:31:26 | 000,044,440 | ---- | C] () -- C:\WINDOWS\System32\MtpAccess.dll [2007.12.09 16:11:03 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2007.10.11 11:30:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\install2500USB.dll [2007.10.11 11:30:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll [2007.10.11 11:30:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SmartInstallCfg2.dll [2007.09.27 15:58:42 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.07.28 17:08:15 | 000,029,744 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll [2007.07.28 17:07:12 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2007.05.29 14:19:05 | 000,001,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\default.cfg [2007.05.01 22:05:52 | 000,007,918 | ---- | C] () -- C:\WINDOWS\Accord50.Ini [2007.03.25 21:28:59 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2007.01.02 22:38:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.12.13 20:22:09 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006.12.07 13:13:21 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006.12.07 10:39:50 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.06 21:34:42 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.12.06 20:25:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.12.06 20:21:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2006.12.06 20:07:22 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\ASLM75.SYS [2006.12.06 20:07:21 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2006.12.06 20:04:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.12.06 20:01:28 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.12.06 19:39:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004.09.07 16:34:59 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2004.09.07 16:34:59 | 000,002,540 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010.09.28 17:52:50 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2007.09.30 20:01:08 | 000,003,309 | ---- | M] () -- C:\wlan-01.txt [2005.06.08 20:36:00 | 000,524,288 | RH-- | M] () -- C:\A6VA.bin [2005.06.07 20:28:56 | 000,524,288 | RH-- | M] () -- C:\A6VC.bin [2003.11.05 17:02:30 | 000,000,006 | ---- | M] () -- C:\A6V.20 [2004.08.04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2010.05.06 07:57:40 | 000,251,712 | RHS- | M] () -- C:\ntldr [2004.08.04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004.09.07 13:21:36 | 000,000,014 | ---- | M] () -- C:\XPHG_SP2.GER [2005.05.16 23:49:14 | 000,000,038 | ---- | M] () -- C:\RECOVERY.DAT [2010.08.22 13:09:46 | 000,002,538 | ---- | M] () -- C:\hpfr5100.log [2006.12.08 13:47:44 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2006.12.06 19:58:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2006.12.06 19:58:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2006.12.06 19:58:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006.12.06 19:58:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2007.09.30 20:01:20 | 000,215,536 | ---- | M] () -- C:\wlan-01.cap [2007.10.01 10:21:36 | 000,009,248 | ---- | M] () -- C:\wlan-02.txt [2007.10.01 10:21:50 | 000,554,326 | ---- | M] () -- C:\wlan-02.cap [2007.10.01 16:13:32 | 000,008,942 | ---- | M] () -- C:\wlan-02.cap-01.txt [2007.10.01 16:13:44 | 016,184,405 | ---- | M] () -- C:\wlan-02.cap-01.cap [2007.10.01 17:53:08 | 000,000,384 | ---- | M] () -- C:\alice01.cap-01.txt [2007.10.01 17:51:08 | 000,000,015 | ---- | M] () -- C:\alice01.cap-01.ivs [2007.12.27 23:24:08 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt [2010.04.11 15:31:22 | 000,003,072 | -HS- | M] () -- C:\Thumbs.db [2007.12.27 23:37:08 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.12.27 23:24:08 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2007.12.27 23:24:08 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.12.27 23:24:20 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.12.27 23:51:02 | 000,234,496 | ---- | M] () -- C:\VC_RED.MSI [2007.12.27 23:24:08 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.12.27 23:48:06 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2006.12.06 20:24:34 | 000,000,009 | ---- | M] () -- C:\Finish.log < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.12.06 19:57:56 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2003.06.18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [2007.02.27 17:34:28 | 000,250,368 | R--- | M] (CIB software GmbH, München) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CIBpdfPP.dll [2008.07.06 12:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe [2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2006.12.06 20:21:30 | 000,503,808 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\Asus_A6_ScreenSaver.scr < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > [2007.03.28 19:21:34 | 000,001,594 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\LastFlashConfig.WFC < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.12.06 19:50:34 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [2006.12.06 19:50:34 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.12.06 19:50:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav < %systemroot%\system32\user32.dll /md5 > [2008.04.14 03:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.04.14 03:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2008.04.14 03:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll < MD5 for: EXPLORER.EXE > [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:46 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: WINLOGON.EXE > [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-17 06:55:58 < End of report > |
|
28.09.2010, 18:03
| #2 |
| | tr/spy.zbot.apcm tan abfrage. Hier die LOG Files Extras.txt
__________________Code:
ATTFilter OTL Extras logfile created on: 28.09.2010 18:15:50 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\Andreas\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 372,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,14 Gb Total Space | 2,28 Gb Free Space | 2,45% Space Free | Partition Type: FAT32
Drive D: | 691,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANDI
Current User Name: Andreas
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [CEWE FOTOSCHAU] -- "C:\Programme\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Programme\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe" = C:\Programme\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160 -- File not found
"C:\Programme\Reality Pump\Earth 2160\Earth2160_SSE.exe" = C:\Programme\Reality Pump\Earth 2160\Earth2160_SSE.exe:*:Enabled:Earth 2160 -- File not found
"C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Dokumente und Einstellungen\Andreas\Desktop\Terran_Demo_German_SUB.avi-downloader.exe" = C:\Dokumente und Einstellungen\Andreas\Desktop\Terran_Demo_German_SUB.avi-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Dokumente und Einstellungen\Andreas\Desktop\1280_StarCraft2GameplayVideo_German2-avi-downloader.exe" = C:\Dokumente und Einstellungen\Andreas\Desktop\1280_StarCraft2GameplayVideo_German2-avi-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Winamp Remote\BIN\Orb.exe" = C:\Programme\Winamp Remote\BIN\Orb.exe:*:Enabled:Orb -- File not found
"C:\Programme\Winamp Remote\BIN\OrbTray.exe" = C:\Programme\Winamp Remote\BIN\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Programme\Winamp Remote\BIN\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\BIN\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\WINDOWS\System32\muzapp.exe" = C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player -- File not found
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C8EF48-D666-4DDD-986E-CDE8E1DCF485}" = Ovi Desktop Sync Engine
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218D629E-8D06-4B23-A238-EB869770B6CC}" = MSVC90_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B97D-C991-438F-BC44-294C931E7B8B}" = SMART Essentials for Educators
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{499B65FF-C8A9-478C-BD83-3E25714D72C9}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5E971881-1924-48D1-9C16-AB7AD61FEFF3}" = CambridgeSoft ChemDraw Ultra 11.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{68D8533B-9EE7-46AB-B8B2-D643F888C5DF}" = ASUS GameFace Live
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console
"{863F58EF-467F-4BCC-A40B-D2304630DEA1}" = CambridgeSoft Activation Client
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CBABA8-2E52-4EFF-A4A6-26BE8C63CEB7}" = Nokia Ovi Suite Software Updater
"{925936AC-9C9A-4897-874B-60961AAB6D52}" = Disc2Phone
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF60CBA9-8B7C-4237-A5DC-C3142AE96926}" = SciFinder Scholar
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.9
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XI (Win64/32/CE)
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.1.7
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1692C91-2400-4223-BD5E-69AB99C84C64}" = Sphairon USB Wireless LAN Card
"{F584F82F-79D5-4744-A702-E5BC4E8FBC83}" = OviMPlatform
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AccelrysAccordSDK51RT" = Accord SDK 5.1 Runtime
"ACDLabs in C__Programme_ACDFREE11_" = ACD/Labs Software in C:\Programme\ACDFREE11\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Asus ChkMail" = Asus ChkMail
"ASUS Live Update" = ASUS Live Update
"ASUS Probe V2.11" = ASUS Probe V2.11
"Asus_A6_ScreenSaver" = Asus_A6_ScreenSaver
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Dee3wa2" = Dee3 for Winamp2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FileZilla" = FileZilla (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.12.1 rev a (nur entfernen)
"HControl" = ATK0100 ACPI UTILITY
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"InstallShield_{5E971881-1924-48D1-9C16-AB7AD61FEFF3}" = CambridgeSoft ChemDraw Ultra 11.0
"InstallShield_{68D8533B-9EE7-46AB-B8B2-D643F888C5DF}" = ASUS GameFace Live
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MestReC_is1" = MestReC 4.7.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MSNINST" = MSN
"myphotobook" = myphotobook 3.6
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnlineFotoservice" = OnlineFotoservice
"PanoramaStudio" = PanoramaStudio 1.4 (deinstallieren)
"PDF Converter_is1" = PDF Converter 1.4
"PokerStars.net" = PokerStars.net
"Pontifex Demo" = Pontifex Demo
"ProInst" = Intel(R) PROSet/Wireless Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.96
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.09.2010 02:01:01 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 7.0.8.218, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010a19.
Error - 28.09.2010 02:01:18 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 7.0.8.218, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00011689.
Error - 28.09.2010 06:22:01 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hcontrol.exe, Version 1043.2.15.48, fehlgeschlagenes
Modul hcontrol.exe, Version 1043.2.15.48, Fehleradresse 0x000099f2.
Error - 28.09.2010 10:55:18 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hcontrol.exe, Version 1043.2.15.48, fehlgeschlagenes
Modul hcontrol.exe, Version 1043.2.15.48, Fehleradresse 0x000099f2.
Error - 28.09.2010 11:25:19 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hcontrol.exe, Version 1043.2.15.48, fehlgeschlagenes
Modul hcontrol.exe, Version 1043.2.15.48, Fehleradresse 0x000099f2.
Error - 28.09.2010 11:26:07 | Computer Name = ANDI | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 28.09.2010 11:46:47 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hcontrol.exe, Version 1043.2.15.48, fehlgeschlagenes
Modul hcontrol.exe, Version 1043.2.15.48, Fehleradresse 0x000099f2.
Error - 28.09.2010 11:47:29 | Computer Name = ANDI | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 28.09.2010 11:54:06 | Computer Name = ANDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung hcontrol.exe, Version 1043.2.15.48, fehlgeschlagenes
Modul hcontrol.exe, Version 1043.2.15.48, Fehleradresse 0x000099f2.
Error - 28.09.2010 11:54:56 | Computer Name = ANDI | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
[ System Events ]
Error - 28.09.2010 11:26:07 | Computer Name = ANDI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 28.09.2010 11:46:15 | Computer Name = ANDI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpdj" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error - 28.09.2010 11:46:58 | Computer Name = ANDI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
Error - 28.09.2010 11:47:29 | Computer Name = ANDI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
Error - 28.09.2010 11:47:29 | Computer Name = ANDI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 28.09.2010 11:53:39 | Computer Name = ANDI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpdj" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error - 28.09.2010 11:54:56 | Computer Name = ANDI | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
Error - 28.09.2010 11:54:56 | Computer Name = ANDI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 28.09.2010 12:16:27 | Computer Name = ANDI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 28.09.2010 12:16:27 | Computer Name = ANDI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2
< End of report >
|
|
28.09.2010, 18:04
| #3 |
| | tr/spy.zbot.apcm tan abfrage. Hier die LOG Files Die Gmer.txt Datei hat doch viel zu viel Zeichen ??? Oder postet man die logs anders ?
__________________ |
|
| Themen zu tr/spy.zbot.apcm tan abfrage. Hier die LOG Files |
| .com, 0x00000001, acroiehelper.dll, adobe, antivir, ask toolbar, ask.com, avgntflt.sys, avira, bho, bonjour, components, converter, desktop, einstellungen, error, excel.exe, firefox, format, home, location, log file, log files, logfile, monitor, mozilla, mp3, object, oldtimer, online banking, otl logfile, plug-in, popup, realtek, registry, searchplugins, senden, software, tan-abfrage, torrent.exe, tr/spy.zbot.apcm, trojan.zbotr.gen, usb, wireless lan |
Linear-Darstellung
