dunkelauge | 30.08.2010 11:53 | Code:
OTL logfile created on: 30.08.2010 12:39:49 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Dunkelauge\Download\Computer retten
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 143,14 Gb Free Space | 32,50% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 4,24 Gb Free Space | 16,73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DUNKELAUGE-PC
Current User Name: Dunkelauge
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Dunkelauge\Download\Computer retten\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Dunkelauge\Download\Computer retten\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.14 20:45:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.28 19:38:22 | 000,000,000 | ---D | M]
[2010.01.19 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\mozilla\Extensions
[2010.08.28 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\mozilla\Firefox\Profiles\pbascmpw.default\extensions
[2010.08.25 21:21:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dunkelauge\AppData\Roaming\mozilla\Firefox\Profiles\pbascmpw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.19 20:59:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.14 20:45:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.14 20:45:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.14 20:45:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.14 20:45:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.14 20:45:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dunkelauge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sysrda32.exe ()
O4 - Startup: C:\Users\Dunkelauge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dunkelauge\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dunkelauge\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{13da86cc-5efb-11de-8ec2-001f1619d63f}\Shell\AutoRun\command - "" = fvbrkc.exe
O33 - MountPoints2\{13da86cc-5efb-11de-8ec2-001f1619d63f}\Shell\explore\Command - "" = fvbrkc.exe
O33 - MountPoints2\{13da86cc-5efb-11de-8ec2-001f1619d63f}\Shell\open\Command - "" = fvbrkc.exe
O33 - MountPoints2\{3a5c1e22-8da6-11de-971d-001f1619d63f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a5c1e22-8da6-11de-971d-001f1619d63f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{3a5c1e3a-8da6-11de-971d-001f1619d63f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a5c1e3a-8da6-11de-971d-001f1619d63f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{6971deb4-6479-11de-85a1-001f1619d63f}\Shell - "" = AutoRun
O33 - MountPoints2\{6971deb4-6479-11de-85a1-001f1619d63f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8a1c00c6-6081-11de-9f16-001f1619d63f}\Shell - "" = AutoRun
O33 - MountPoints2\{8a1c00c6-6081-11de-9f16-001f1619d63f}\Shell\AutoRun\command - "" = G:\starter.exe -- File not found
O33 - MountPoints2\{cd0f9f15-66ff-11de-b812-001f1619d63f}\Shell - "" = AutoRun
O33 - MountPoints2\{cd0f9f15-66ff-11de-b812-001f1619d63f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.08.30 11:15:16 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010.08.14 20:49:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.14 20:49:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.14 20:49:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.14 20:49:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.14 20:49:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.14 20:49:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.14 20:49:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.14 20:49:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.14 20:49:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.14 20:49:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.14 20:49:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.14 20:49:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.14 20:49:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.14 20:49:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.14 20:49:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.14 20:49:47 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.14 20:49:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.14 20:49:36 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.14 20:49:36 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.14 20:49:24 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.02.27 19:17:28 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.02.27 19:17:27 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
========== Files - Modified Within 30 Days ==========
[2010.08.30 12:42:24 | 000,765,952 | ---- | M] () -- C:\Windows\System32\drivers\fkuzha.sys
[2010.08.30 12:41:01 | 002,359,296 | -HS- | M] () -- C:\Users\Dunkelauge\NTUSER.DAT
[2010.08.30 12:38:37 | 000,000,748 | ---- | M] () -- C:\Users\Dunkelauge\Desktop\OTL - Verknüpfung.lnk
[2010.08.30 12:36:35 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.30 12:36:24 | 000,387,244 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.30 12:36:24 | 000,387,244 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.30 12:36:23 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 12:36:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.30 11:33:17 | 001,504,798 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.30 11:33:17 | 000,642,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.30 11:33:17 | 000,607,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.30 11:33:17 | 000,132,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.30 11:33:17 | 000,108,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.30 11:13:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.30 11:13:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.30 11:13:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.30 11:13:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.30 11:12:07 | 000,524,288 | -HS- | M] () -- C:\Users\Dunkelauge\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.30 11:12:07 | 000,065,536 | -HS- | M] () -- C:\Users\Dunkelauge\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.30 11:11:58 | 003,721,758 | -H-- | M] () -- C:\Users\Dunkelauge\AppData\Local\IconCache.db
[2010.08.29 00:16:15 | 308,239,576 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.28 23:41:23 | 000,000,016 | ---- | M] () -- C:\Users\Dunkelauge\AppData\Roaming\hngmfc.dat
[2010.08.28 23:41:20 | 000,000,004 | ---- | M] () -- C:\Users\Dunkelauge\AppData\Roaming\avdrn.dat
[2010.08.25 21:16:40 | 000,400,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.14 20:59:25 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010.08.14 20:58:04 | 000,000,264 | ---- | M] () -- C:\Windows\win.ini
========== Files Created - No Company Name ==========
[2010.08.30 12:38:37 | 000,000,748 | ---- | C] () -- C:\Users\Dunkelauge\Desktop\OTL - Verknüpfung.lnk
[2010.08.28 23:41:54 | 000,765,952 | ---- | C] () -- C:\Windows\System32\drivers\fkuzha.sys
[2010.08.28 23:41:23 | 000,000,016 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Roaming\hngmfc.dat
[2010.08.28 23:41:20 | 000,000,004 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Roaming\avdrn.dat
[2010.07.26 15:42:29 | 000,000,098 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Local\fusioncache.dat
[2010.04.09 15:38:57 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\E9EA0C8E6F.sys
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.29 14:18:32 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.29 10:40:13 | 000,000,781 | ---- | C] () -- C:\Windows\QIII.INI
[2009.08.20 16:06:02 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.20 16:06:02 | 000,138,056 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Roaming\PnkBstrK.sys
[2009.08.05 22:59:22 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009.08.05 22:59:22 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.07.30 23:28:12 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2009.06.29 23:29:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.29 10:19:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.22 07:48:06 | 000,000,680 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Local\d3d9caps.dat
[2009.06.20 18:42:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.19 09:08:04 | 000,027,503 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Roaming\UserTile.png
[2009.06.18 22:26:55 | 000,000,950 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Roaming\wklnhst.dat
[2009.06.18 22:06:26 | 000,214,528 | ---- | C] () -- C:\Users\Dunkelauge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.27 19:17:28 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.02.27 19:17:28 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.02.27 19:17:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.02.26 22:09:31 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.02.26 22:09:31 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\F928A0FA17.sys
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2010.04.20 09:09:05 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\Canon
[2009.10.29 14:26:29 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\DAEMON Tools Lite
[2009.08.06 09:57:59 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\GetRightToGo
[2009.06.18 22:27:07 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\Template
[2009.08.24 20:55:26 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\TerraTec
[2010.07.26 16:34:45 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\Turbine
[2009.08.27 09:39:35 | 000,000,000 | ---D | M] -- C:\Users\Dunkelauge\AppData\Roaming\Ubisoft
[2010.08.30 11:12:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > Das ist das erste. Ich hoffe ich habe das mit den Tags richtig gemacht. Bei der Scannung durch OLT kam der Hinweis das in device/harddisk1/dr2 kein Datenträger eingelegt sei....??? keine Ahnung was das seien soll. Ich musste 20 mal weiter klicken damit es weiter ging. Das andere Rootkit Teil kommt noch. thx bis hierhin schonmal |