| mitdemdeppda | 10.11.2012 20:31 |
TR/ATRAPS.Gen & TR/ATRAPS.Gen2 durch Avira gefunden
Hallo zusammen,
Avira hat auf dem PC meines Vaters die in der Überschrift angegebenen Trojaner entdeckt.
Laut Avira befinden sie sich TR/ATRAPS.Gen2 in C:\RECYCLER\S-1-5-21-1214440339-1767777339-839522115-1003\$2be5f3d16c07e09d6166f0dc086957fa\U\80000032.@
Hier sind die gewünschten Textfiles:
OTL: Code:
OTL logfile created on: 10.11.2012 13:57:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
959,23 Mb Total Physical Memory | 564,80 Mb Available Physical Memory | 58,88% Memory free
2,26 Gb Paging File | 1,80 Gb Available in Paging File | 79,52% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186,30 Gb Total Space | 61,63 Gb Free Space | 33,08% Space Free | Partition Type: NTFS
Drive D: | 407,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: HOME | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.10 13:54:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
PRC - [2012.07.02 14:47:26 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.02 14:47:16 | 000,086,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.02 14:47:07 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.02 14:47:05 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.07.02 14:47:05 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.02 14:47:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007.09.28 15:12:14 | 000,330,240 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe
PRC - [2007.09.10 19:37:08 | 001,167,360 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.bin
PRC - [2007.09.10 19:37:08 | 001,015,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.exe
PRC - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2007.04.21 09:37:02 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2007.04.20 15:55:58 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\TotalMedia 3\TMMonitor.exe
PRC - [2005.09.22 15:42:24 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2000.11.24 12:17:02 | 000,282,624 | ---- | M] (DeTeWe AG & Co.) -- C:\Programme\Telekom\Eumex 504PC USB\Capictrl.exe
PRC - [2000.09.03 23:00:00 | 000,520,233 | ---- | M] (RVS Datentechnik GmbH, München) -- C:\Programme\TELEDAT\WCOM\SYSTEM\ccui.exe
PRC - [2000.09.03 23:00:00 | 000,172,075 | ---- | M] (RVS Datentechnik GmbH, München) -- C:\Programme\TELEDAT\WCOM\SYSTEM\Ccsrv.exe
PRC - [1997.10.17 23:00:00 | 000,051,984 | ---- | M] () -- C:\Programme\Microsoft Office\Office\OSA.EXE
========== Modules (No Company Name) ==========
MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.07.02 14:47:18 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.03.25 05:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007.08.08 18:15:02 | 000,828,416 | ---- | M] () -- C:\Programme\Sun\StarOffice 8\program\libxml2.dll
MOD - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
MOD - [2007.05.18 14:06:06 | 000,805,632 | ---- | M] () -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\ColorTrack.dll
MOD - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2007.04.21 09:37:02 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
MOD - [2007.03.16 12:44:14 | 000,256,768 | ---- | M] () -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\distort.dll
MOD - [2007.01.25 16:22:00 | 000,056,064 | ---- | M] () -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\uMSGHook.dll
MOD - [2006.11.13 14:01:40 | 000,252,672 | ---- | M] () -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\kgl.dll
MOD - [2006.11.13 14:01:38 | 000,436,992 | ---- | M] () -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\FPXLIB.DLL
MOD - [2006.11.13 14:01:22 | 000,146,176 | ---- | M] () -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\aglswf.dll
MOD - [2006.01.06 14:51:00 | 000,266,303 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3\magengin.dll
MOD - [2005.08.05 16:24:00 | 000,028,672 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3\uPiApi.dll
MOD - [2004.12.14 12:00:00 | 000,430,080 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3\FPXLIB.DLL
MOD - [2004.12.01 17:21:22 | 000,180,224 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3\kgl.dll
MOD - [1997.10.17 23:00:00 | 003,782,416 | ---- | M] () -- C:\Programme\Microsoft Office\Office\MSO97.DLL
MOD - [1997.10.17 23:00:00 | 000,051,984 | ---- | M] () -- C:\Programme\Microsoft Office\Office\OSA.EXE
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.02 14:47:16 | 000,086,736 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.02 14:47:07 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.02 14:47:05 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.07.02 14:47:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.10.11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.06.05 23:52:13 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.06.05 23:52:13 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.06.05 23:52:13 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.15 14:38:49 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.10.16 10:35:58 | 010,376,576 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.05.30 19:15:08 | 000,013,184 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006.02.28 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006.02.28 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005.09.22 15:34:18 | 003,727,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2005.07.29 16:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.07.29 16:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.05.11 12:12:17 | 000,079,248 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mgmt.sys -- (k600mgmt)
DRV - [2005.05.11 12:12:14 | 000,087,456 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdm.sys -- (k600mdm)
DRV - [2005.05.11 12:12:14 | 000,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdfl.sys -- (k600mdfl)
DRV - [2005.05.11 12:12:11 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600bus.sys -- (k600bus)
DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2000.11.22 09:48:10 | 000,147,760 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Capi20.sys -- (CAPI20)
DRV - [2000.10.20 12:37:26 | 000,027,484 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULISA.SYS -- (ulisa)
DRV - [2000.09.03 23:00:00 | 000,038,400 | ---- | M] (RVS Datentechnik GmbH, München) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RVSPORT.sys -- (rvsport)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazelle-tours.de/start.php
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_de
IE - HKCU\..\SearchScopes\{8464158C-0DA2-4E44-87E9-8CB7F00877FF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5917434B-E170-48AA-8611-2B175516B45F&apn_sauid=B4E7823D-4455-4886-AE3E-BBB48EF6FCEE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.06 13:39:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.06 13:39:38 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Áàð çíàêîìñòâ 2) - {52CFF9E4-5FCD-460E-B476-7953788CA004} - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mamba\mambabar2\ie\mambabar2_ie.dll (Mamba)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Áàð çíàêîìñòâ 2) - {52CFF9E4-5FCD-460E-B476-7953788CA004} - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mamba\mambabar2\ie\mambabar2_ie.dll (Mamba)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [routcnf] C:\Programme\Telekom\Eumex 504PC USB\routcnf.exe File not found
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKCU..\Run: [dskchk] C:\DOKUME~1\Besitzer\LOKALE~1\Temp\derm32.exe File not found
O4 - HKCU..\Run: [Tetatet] "C:\Dokumente und Einstellungen\Besitzer\tetatet\tetatet.exe" auto File not found
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\DOKUME~1\Besitzer\LOKALE~1\Temp\Ks1.exe File not found
O4 - HKCU..\RunOnce: [CommCenter] C:\Programme\TELEDAT\WCOM\SYSTEM\ccui.exe (RVS Datentechnik GmbH, München)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CAPIControl.lnk = C:\Programme\Telekom\Eumex 504PC USB\Capictrl.exe (DeTeWe AG & Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Magic-i Visual Effects.lnk = C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe (ArcSoft, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3\TMMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207747404937 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BFE7DB3-96A2-4193-9278-5956E8BC80B8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5648AE5C-24B4-4635-8493-3AC79F9A6BA2}: DhcpNameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92F4D7C8-0C06-4F83-A191-C4BB8F71097C}: DhcpNameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92F4D7C8-0C06-4F83-A191-C4BB8F71097C}: NameServer = 127.0.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.09 00:25:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998.01.28 17:00:00 | 000,021,504 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1998.01.28 17:00:00 | 000,000,058 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b3716e77-132e-11e0-8f7f-00138f8009d1}\Shell - "" = AutoRun
O33 - MountPoints2\{b3716e77-132e-11e0-8f7f-00138f8009d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3716e77-132e-11e0-8f7f-00138f8009d1}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.10 13:54:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.10.18 16:22:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\McAfee
[2012.10.18 12:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Avira
[2012.10.18 12:50:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.10.18 12:50:16 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.10.18 12:50:16 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012.10.18 12:50:16 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.10.18 12:50:11 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.10 14:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.11.10 13:55:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 13:54:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.11.10 13:53:17 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\defogger_reenable
[2012.11.10 13:52:06 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Defogger.exe
[2012.11.10 13:50:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.10 13:48:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2012.11.10 13:28:18 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.11.10 13:28:17 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.10 13:28:15 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2012.11.10 13:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.10 11:24:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8645AF1A-10A4-46A4-AB50-2B3FFABD4247}.job
[2012.11.09 18:12:46 | 000,004,306 | ---- | M] () -- C:\WINDOWS\Raktuell.ini
[2012.11.09 14:03:56 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.11.09 10:01:31 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.10.28 08:14:53 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.28 08:14:53 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.28 08:14:53 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.28 08:14:53 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.18 12:50:32 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.10.14 12:41:53 | 000,157,553 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\RyanairBoardingPassPorto-2.pdf
[2012.10.13 11:37:04 | 000,155,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\RyanairBoardingPassPorto-1.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.10 13:53:17 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\defogger_reenable
[2012.11.10 13:52:06 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Defogger.exe
[2012.10.18 12:50:32 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.10.14 12:41:51 | 000,157,553 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\RyanairBoardingPassPorto-2.pdf
[2012.10.13 11:36:29 | 000,155,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\RyanairBoardingPassPorto-1.pdf
[2012.08.13 10:09:29 | 000,009,361 | --S- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\2ys0lsl3vt.dat
[2012.08.13 10:09:06 | 000,000,479 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\dpconfig
[2012.08.13 10:09:06 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\pconfig
[2012.08.13 10:09:06 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\flh.dat
[2012.08.13 10:09:03 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\dlst.dat
[2012.07.06 11:47:18 | 000,000,128 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2012.02.17 10:09:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.06 13:48:00 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2011.12.06 13:16:03 | 000,239,269 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011.12.06 13:16:02 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2010.11.15 14:39:17 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.11.15 14:39:02 | 000,000,238 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2009.06.13 09:10:45 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.09 14:22:37 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
========== ZeroAccess Check ==========
[2010.12.29 16:22:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2012.11.10 13:29:26 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-1214440339-1767777339-839522115-1003\$2be5f3d16c07e09d6166f0dc086957fa\n. -- File not found
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\RECYCLER\S-1-5-18\$2be5f3d16c07e09d6166f0dc086957fa\n.
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.10.25 17:31:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2009.03.22 18:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.08.12 19:36:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GARMIN
[2009.03.22 18:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ
[2012.07.06 16:06:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\klickTel
[2009.08.26 12:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Leadertech
[2010.05.25 20:41:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mamba
[2008.06.05 10:28:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Neowise
[2012.11.10 13:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\StarOffice8
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012.02.27 09:49:57 | 000,000,000 | ---D | M](C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\???) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Юра
[2012.02.24 16:47:52 | 000,000,000 | ---D | C](C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\???) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Юра
[2011.12.06 11:43:38 | 000,000,000 | ---D | M](C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\????) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Дети
[2011.10.09 12:19:41 | 000,000,000 | ---D | C](C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\????) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Дети
[2010.08.12 12:18:23 | 000,000,000 | ---D | M](C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\?????????? ?????) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Полученные файлы
[2010.08.12 12:18:23 | 000,000,000 | ---D | C](C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\?????????? ?????) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Полученные файлы
[2010.03.18 10:37:57 | 000,612,352 | ---- | M] ()(C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\??????? ????????? ?????.doc) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Хорошая программа Прага.doc
[2010.03.18 10:37:57 | 000,612,352 | ---- | C] ()(C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\??????? ????????? ?????.doc) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Хорошая программа Прага.doc
[2010.03.18 10:37:57 | 000,375,296 | ---- | M] ()(C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\????????? ??? ??? ??????? ???????.doc) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Программа для тур Агенств хорошая.doc
[2010.03.18 10:37:57 | 000,375,296 | ---- | C] ()(C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\????????? ??? ??? ??????? ???????.doc) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Программа для тур Агенств хорошая.doc
[2009.10.17 10:02:27 | 000,001,979 | ---- | C] ()(C:\Dokumente und Einstellungen\Besitzer\Desktop\?????????? Windows Live.lnk) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Фотоальбом Windows Live.lnk
[2009.01.18 12:11:16 | 000,001,979 | ---- | M] ()(C:\Dokumente und Einstellungen\Besitzer\Desktop\?????????? Windows Live.lnk) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Фотоальбом Windows Live.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\Besitzer\Desktop\Route aktuell.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\fax9215480950.pdf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\english facharbeit2.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\english facharbeit.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Betriebskostenabrechnung.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Alex105.doc:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\177_1300steelerz12.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Firmabader104.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Ermäß01.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Ermächtigung02.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Ermächtigung01.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Ehescheidung103.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\csacpl.cpl:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\ccui.reg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Biz1Logo.jsp:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Bella104.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\avwinsfx10.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Anzeige 12.rtf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\61201mer.jpg:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\207_kalender-internet-2.quartal.doc:KAVICHS
< End of report >
Extras: Code:
OTL Extras logfile created on: 10.11.2012 13:57:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
959,23 Mb Total Physical Memory | 564,80 Mb Available Physical Memory | 58,88% Memory free
2,26 Gb Paging File | 1,80 Gb Available in Paging File | 79,52% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 186,30 Gb Total Space | 61,63 Gb Free Space | 33,08% Space Free | Partition Type: NTFS
Drive D: | 407,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: HOME | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Sun\StarOffice 8\program\soffice.exe" -writer -o "%1" (Sun Microsystems, Inc.)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0ED5C5EF-1BA0-4289-B71F-BACBE1F7EEAE}" = StarOffice 8
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Средство передачи Windows Live
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4740F152-2F61-4DEF-80C4-BFDEC8D928C3}" = Windows Live Messenger
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{57623F1C-9356-49AF-B187-FC854F8F0CBF}" = Фотоальбом Windows Live
"{5AB4024C-BDA4-41FB-80CC-41BD1C63A6AF}" = Internet Explorer
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993FEC4E-D506-4BB2-9D2B-FB0E7E5219D4}" = klickTel Routenplaner Deutschland und Europa 2012
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F70456A-2D46-4C6D-803C-1513BABD2E5B}" = Почта Windows Live
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26868BF-3550-4BA2-9B75-8876C5F3D9B1}" = Основные компоненты Windows Live
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4613A3C-B7B4-4B22-835E-0C730D648A9D}_is1" = Carbon Folder
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Hama Webcam AC-150
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9608341-C96D-4566-9A7C-4C897437837D}" = Windows Live Sync
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Áàð Çíàêîìñòâ" = Áàð Çíàêîìñòâ 2.4.3
"Adobe Acrobat Reader 3.0" = Adobe Acrobat Reader 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.0 Full
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSPUB5" = Microsoft Publisher 98
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ROUTE aktuell" = ROUTE aktuell
"RVS-COM Version 1.0" = Teledat RVS-COM
"Shop for HP Supplies" = Shop for HP Supplies
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Основные компоненты Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Works" = Microsoft Works 4.5
"Works99Setup" = Microsoft Works Setup Launcher
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"00b307ec5299c7ad" = Misteria.Win
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.11.2012 12:08:33 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
Error - 01.11.2012 12:08:33 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
Error - 01.11.2012 12:08:33 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
Error - 01.11.2012 12:08:33 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
Error - 01.11.2012 12:08:33 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten
Vorgang nicht ausführen. .
Error - 02.11.2012 06:35:33 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 06.11.2012 06:23:37 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 06.11.2012 06:23:38 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 07.11.2012 11:27:36 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 09.11.2012 12:43:54 | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 08.11.2012 04:45:57 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08.11.2012 09:06:02 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08.11.2012 09:06:02 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 09.11.2012 04:22:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 09.11.2012 04:22:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 09.11.2012 09:05:31 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 09.11.2012 11:50:05 | Computer Name = HOME | Source = System Error | ID = 1003
Description = Fehlercode 1000000a, 1. Parameter e26cc7c0, 2. Parameter 00000002,
3. Parameter 00000000, 4. Parameter 804f9c89.
Error - 09.11.2012 11:50:24 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 10.11.2012 06:23:02 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 10.11.2012 08:29:39 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
< End of report >
Gmer: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-10 19:56:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 SAMSUNG_HD200HJ rev.KF100-06
Running: p9ynjiyj.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\pxtdipow.sys
---- System - GMER 1.0.15 ----
SSDT F7C917AC ZwClose
SSDT F7C91766 ZwCreateKey
SSDT F7C917B6 ZwCreateSection
SSDT F7C9178E ZwCreateSymbolicLinkObject
SSDT F7C9175C ZwCreateThread
SSDT F7C9176B ZwDeleteKey
SSDT F7C91775 ZwDeleteValueKey
SSDT F7C917A7 ZwDuplicateObject
SSDT F7C91793 ZwLoadDriver
SSDT F7C9177A ZwLoadKey
SSDT F7C91748 ZwOpenProcess
SSDT F7C91789 ZwOpenSection
SSDT F7C9174D ZwOpenThread
SSDT F7C917CF ZwQueryValueKey
SSDT F7C91784 ZwReplaceKey
SSDT F7C917C0 ZwRequestWaitReplyPort
SSDT F7C9177F ZwRestoreKey
SSDT F7C917BB ZwSetContextThread
SSDT F7C917C5 ZwSetSecurityObject
SSDT F7C91798 ZwSetSystemInformation
SSDT F7C91770 ZwSetValueKey
SSDT F7C917CA ZwSystemDebugControl
SSDT F7C91757 ZwTerminateProcess
SSDT F7C91752 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF677B360, 0x20469D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41367062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413670C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413672C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41367126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 4126DB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[2468] ole32.dll!OleLoadFromStream 774F983B 5 Bytes JMP 413675C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41367191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413671FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41367062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 413670C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 413672C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41367126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Programme\Internet Explorer\iexplore.exe[2468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\y (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1956] 0x00E90000
---- EOF - GMER 1.0.15 ----
Als ich GMER ausgeführt habe, habe ich wie die Netzwerkverbindung getrennt und alle Programme beendet. Leider habe ich es nicht geschafft Avira auszuschalten und habe einfach alle Avira-Prozesse über den Taskmanager beendet.
Vielen Dank schon mal im Voraus. |
