Pests of all kinds and their removal: TR/EyeStye.H.163 in C:\moonxxxxxx.exe (Windows 7)
#1
TR/EyeStye.H.163 in C:\moonxxxxxx.exe

Hello! During my Postbank online banking, the virus named above tried to grab my TANs, whereupon I ran virus scans with Malwarebytes and OTL, as described in the forum. I deleted the Trojans that were found. Do I have to reinstall the system to be safe? How safe are my passwords now? Is a master password safer?

1. Here is the Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6062

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

15.03.2011 10:05:08
mbam-log-2011-03-15 (10-05-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150390
Laufzeit: 5 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\recycle.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\recycle.bin\recycle.bin.exe (Trojan.Spyeyes) -> Quarantined and deleted successfully.

2. The OTL logs:
000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > 3. Das zweite OTL Log:OTL Logfile: Code:
OTL Extras logfile created on: 15.03.2011 10:36:29 - Run 1
OTL by OldTimer - Version 3.2.22.3
< End of report >

Thank you for the help!