Trojaner-Board

Thread: Metropolitan Police trojan on my computer! (https://www.trojaner-board.de/100574-metropolitan-police-trojaner-rechner.html)

h3nky 20.06.2011 16:12

Metropolitan Police trojan on my computer!
 
Now this trojan has caught me as well, and I am asking you for help.
Here is the log data.
Thanks in advance.
Regards, h3nky

Code:

OTL logfile created on: 6/20/2011 4:16:24 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 327.34 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive X: | 3.93 Gb Total Space | 3.53 Gb Free Space | 89.80% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - [2011/06/04 12:51:38 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/06 12:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/09/04 10:06:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/07 12:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/01 18:54:54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/01/01 18:54:54 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/15 10:34:20 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/06/04 12:51:51 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/27 04:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 04:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/07/27 04:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 04:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/05/07 12:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/01/02 15:11:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/01 18:54:54 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/01/01 18:54:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/01 18:54:54 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/23 03:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 15:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/06/08 14:15:00 | 000,262,912 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\henky_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\henky_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\henky_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\henky_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\henky_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AD3FB3C2-E344-4276-A7E2-F0BC8A627298}:1.9.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/09/05 15:42:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298}: C:\Documents and Settings\henky\Local Settings\Application Data\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298} [2011/04/18 10:22:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 09:48:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 09:48:18 | 000,000,000 | ---D | M]
 
[2010/01/01 18:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\henky\Application Data\Mozilla\Extensions
[2011/06/19 09:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions
[2010/07/25 15:30:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 07:12:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/02/05 23:52:41 | 000,000,000 | ---D | M] (FoxGame) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2011/05/07 03:39:58 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2010/05/21 03:39:31 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\daemon-search.xml
[2011/06/16 05:37:48 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-1.xml
[2011/03/24 11:30:15 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-2.xml
[2011/04/30 05:34:13 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-3.xml
[2011/05/01 07:16:59 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin-4.xml
[2010/05/12 11:40:48 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\henky\Application Data\Mozilla\Firefox\Profiles\evf0f4gu.default\searchplugins\icqplugin.xml
[2011/06/19 09:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/18 10:22:41 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\HENKY\LOCAL SETTINGS\APPLICATION DATA\{AD3FB3C2-E344-4276-A7E2-F0BC8A627298}
[2010/09/05 15:42:51 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2010/01/25 16:44:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/05/31 11:28:48 | 000,249,856 | ---- | M] (Icenet LLC) -- C:\Program Files\Mozilla Firefox\plugins\npalnn.dll
[2010/03/27 12:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2009/12/02 04:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009/12/02 04:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009/12/02 04:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009/12/02 04:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009/12/02 04:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/05/08 07:51:57 | 000,000,849 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\henky_ON_C\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Tbagokonibum]  File not found
O4 - HKU\.DEFAULT..\Run: [aighfrshdgf.exe]  File not found
O4 - HKU\henky_ON_C..\Run: [{1F25ECE9-2C48-B249-EF11-8DD4A60B01ED}] C:\Documents and Settings\henky\Application Data\Ehew\ecel.exe ()
O4 - HKU\henky_ON_C..\Run: [aighfrshdgf.exe]  File not found
O4 - HKU\henky_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\henky_ON_C..\Run: [Fvidakipipadax]  File not found
O4 - HKU\henky_ON_C..\Run: [ICQ]  File not found
O4 - HKU\henky_ON_C..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.)
O4 - HKU\henky_ON_C..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.)
O4 - HKU\henky_ON_C..\Run: [Performance Center]  File not found
O4 - HKU\henky_ON_C..\Run: [Steam] C:\Games\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\henky_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (C:\Program Files\Mozilla Firefox\0.7895989218671142.exe) - C:\Program Files\Mozilla Firefox\0.7895989218671142.exe (BitDefender)
O24 - Desktop Components:0 () - hxxp://i8.ebayimg.com/08/i/001/49/9a/4a19_12.JPG
O24 - Desktop Components:1 () - hxxp://uni74.ogame.de/game/img/background/background_voll_2.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/02 03:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/18 09:02:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/17 10:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Desktop\Stuff
[2011/06/16 05:26:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/16 05:26:11 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/06/12 08:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Local Settings\Application Data\PunkBuster
[2011/06/12 08:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Start Menu\Programs\Wolfenstein - Enemy Territory
[2011/06/12 08:09:51 | 000,000,000 | --SD | C] -- C:\Program Files\HLSW
[2011/06/12 08:09:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HLSW
[2011/06/12 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\henky\Application Data\HLSW
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/20 08:54:17 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/20 08:54:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/20 08:53:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 08:53:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/06/19 17:38:48 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/19 17:38:48 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/19 08:31:48 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/18 18:12:11 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/18 18:12:11 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/18 09:02:39 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/17 10:21:40 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\henky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 05:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/17 04:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/12 08:49:38 | 000,137,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/06/12 08:49:29 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 08:32:18 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/06/12 08:27:57 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\henky\Desktop\Wolfenstein - Enemy Territory.lnk
[2011/06/12 08:09:56 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\henky\Desktop\HLSW.lnk
[2011/06/12 08:09:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HLSW
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/12 08:32:18 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/06/12 08:27:57 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\henky\Desktop\Wolfenstein - Enemy Territory.lnk
[2011/06/12 08:09:56 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\henky\Desktop\HLSW.lnk
[2011/06/04 12:52:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/04 12:52:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/18 10:22:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wxocimupewukuwup.dat
[2011/04/18 10:22:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bciboqoralos.bin
[2010/12/12 14:01:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/12/12 12:52:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\spwdrg.INI
[2010/12/12 12:52:25 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/12/12 12:52:21 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/12/12 12:52:21 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/12/12 12:52:21 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/12/12 12:52:21 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/12/12 12:52:14 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2010/09/17 16:32:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/19 11:10:44 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bbbotsoftid.ini
[2010/08/11 16:44:42 | 000,039,648 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/27 04:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 04:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 04:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/27 03:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/07/20 06:35:52 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/19 19:04:26 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/07 12:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 12:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/18 12:37:24 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/04/18 12:37:23 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/04/18 12:37:16 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/03/05 17:54:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/01/30 09:55:54 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010/01/03 20:51:28 | 000,011,101 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/01/02 03:30:48 | 000,030,979 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/01/02 03:30:35 | 000,030,660 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/02 03:30:35 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/02 03:30:27 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/01/02 03:25:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/02 03:20:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/01 19:54:07 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/01 19:17:45 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/01/01 19:17:45 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/01/01 19:17:42 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/01/01 19:17:42 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/01/01 19:10:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/01 19:07:12 | 003,586,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/01 18:44:27 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/01/01 18:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/01 07:06:46 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\henky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 07:37:18 | 002,542,458 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2009/11/06 05:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2005/03/21 21:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 21:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010/11/21 07:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\abgx360
[2010/03/03 06:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Bioshock2
[2010/01/10 17:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Canneverbe_Limited
[2010/01/02 15:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\DAEMON Tools Lite
[2010/04/29 18:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\DAEMON Tools Pro
[2010/01/04 12:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Ehew
[2010/10/20 15:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\FreeFLVConverter
[2011/06/12 16:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\HLSW
[2011/06/19 06:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\ICQ
[2010/02/27 05:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\ImgBurn
[2010/04/18 12:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Leadertech
[2010/07/26 15:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\LolClient
[2011/06/19 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Puuldi
[2010/09/21 10:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/13 07:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TeamViewer
[2010/01/02 03:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TMP
[2011/05/23 12:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\TS3Client
[2010/05/09 14:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Ubisoft
[2010/03/08 16:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\henky\Application Data\Xilisoft
[2010/11/21 07:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\360WavesPatcher
[2010/01/02 15:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/02 14:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/03/27 02:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/03/27 02:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/05/01 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010/09/06 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/27 02:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/12/12 14:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/07/20 03:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010/11/17 15:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2010/08/22 09:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/01 03:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/07/19 16:41:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2011/06/20 08:54:17 | 000,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:24051EFF
< End of report >


markusg 20.06.2011 16:19

What is this? Why are you opening 2 threads?

http://www.trojaner-board.de/100567-...t-otl-txt.html

h3nky 20.06.2011 16:22

Sorry, I thought it had been overlooked because I used the same thread name as someone before me.

