Log analysis and evaluation: Sparkassen trojan iTAN prompt (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.06.2011, 21:48 | #1 |
Sparkassen trojan iTAN prompt

Hi, since the beginning of this week I also have the Sparkassen trojan on my PC. Online banking is already blocked - now I just need to get the thing off or reinstall. It would be great if you could help me.

The following message appears when logging in on the Sparkasse site:

Dear user, the validity period of the iTAN list for your account is 30 days. Please confirm your valid iTAN list so that we can prepare a new card for you. To confirm your list, fill in the form below and press the "Log in" button.

I have already run Malwarebytes, OTL, HJTscanlist.zip and CCleaner over it. Here are the results:

Code:
Malwarebytes:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6812
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

09.06.2011 07:00:41
mbam-log-2011-06-09 (07-00-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 365040
Laufzeit: 2 Stunde(n), 9 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0JUC5I2ZXZ6C0Y9AMPWRKP (Trojan.SpyEyes) -> Value: 0JUC5I2ZXZ6C0Y9AMPWRKP -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\syufahusjif (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Marco\AppData\Local\Temp\Rar$EX01.157\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Local\Temp\Rar$EX01.157\router\fritz!box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\syufahusjif\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Code:
ATTFilter OTL OTL logfile created on: 09.06.2011 22:26:19 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Marco\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 893,42 Mb Total Physical Memory | 207,04 Mb Available Physical Memory | 23,17% Memory free 2,00 Gb Paging File | 0,51 Gb Available in Paging File | 25,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,46 Gb Total Space | 12,06 Gb Free Space | 8,84% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,26 Gb Free Space | 62,61% Space Free | Partition Type: NTFS Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Marco\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.) 
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - c:\Programme\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.) PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) PRC - C:\Programme\DellSupport\DSAgnt.exe (Gteko Ltd.) PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) PRC - C:\Windows\sttray.exe (SigmaTel, Inc.) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) PRC - C:\Programme\McAfee\MPS\mps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee Inc.) PRC - C:\Programme\McAfee\MSK\mskagent.exe (McAfee Inc.) PRC - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MPS\mpsevh.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
========== Modules (SafeList) ========== MOD - C:\Users\Marco\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MPS9) -- C:\Programme\McAfee\MPS\mps.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (McRedirector) -- C:\Programme\Common Files\McAfee\RedirSvc\RedirSvc.exe (McAfee, Inc.) SRV - (Emproxy) -- C:\Programme\Common Files\McAfee\EmProxy\emproxy.exe (McAfee, Inc.) SRV - (McAfee HackerWatch Service) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) 
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Programme\McAfee\VirusScan\mferkdk.sys (McAfee, Inc.) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) 
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH) DRV - (ASAPIW2k) -- C:\Windows\System32\drivers\asapiW2k.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1070729 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=1070729 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010.02.11 17:30:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Components: C:\PROGRA~1\MOZILL~1\COMPON~1\ [2011.04.06 22:09:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Plugins: C:\PROGRA~1\MOZILL~1\plugins\ [2009.10.26 23:43:19 | 000,000,000 | ---D | M] [2011.05.21 20:43:43 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\8qcs8lgy.default\extensions [2010.02.11 17:52:54 | 000,000,000 | ---D | M] ("Microsoft .NET Framework Assistant") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\8qcs8lgy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.11 17:52:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\8qcs8lgy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.11 17:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.02.11 17:27:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.11 17:27:25 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com [2010.02.11 17:27:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.02.11 17:27:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.02.11 17:27:25 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REALPLAYER@PARTNERS.MOZILLA.COM [2010.02.11 17:30:28 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2010.01.15 22:54:30 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2010.01.15 22:54:30 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2010.01.15 22:54:33 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2010.01.15 22:54:53 | 000,000,680 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\amazon-de.png [2010.01.15 22:54:53 | 000,000,804 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazon-de.src [2010.01.15 22:54:53 | 000,000,210 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.gif [2010.01.15 22:54:53 | 000,001,075 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.src [2010.01.15 22:54:53 | 000,001,076 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google-de.gif [2010.01.15 22:54:53 | 000,000,892 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google-de.src [2010.01.15 22:54:53 | 000,000,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.png [2010.01.15 22:54:53 | 000,001,157 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.src [2010.01.15 22:54:53 | 000,000,088 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.gif [2010.01.15 22:54:53 | 000,001,147 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.src O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.) 
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BearShare] File not found O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\mskagent.exe (McAfee Inc.) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe () O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2007_2008\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [USB2Check] File not found O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [1X8C4VXU8ZZC7V4WOUHQFDNICMPMHW] C:\rgotgktjgbt\rgotgktjgbt.exe (HD1B) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [dydtpfk] File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - 
C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Marco\Pictures\2010-01-10 Kleinostheim im Schnee\Kleinostheim im Schnee 009.JPG O24 - Desktop BackupWallPaper: C:\Users\Marco\Pictures\2010-01-10 Kleinostheim im Schnee\Kleinostheim im Schnee 009.JPG O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.09 21:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.06.09 21:45:11 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.06.08 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Malwarebytes [2011.06.08 21:31:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.06.08 21:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 
[2011.06.08 21:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.08 21:31:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.06.08 21:31:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.06.07 20:31:59 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Avira [2011.06.07 19:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.06.07 19:54:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.06.07 19:54:25 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.06.07 19:54:25 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.07 19:54:21 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.06.07 19:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.06.04 14:21:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.06.04 14:21:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.06.04 14:21:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.04 14:21:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.04 14:21:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.04 14:21:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.06.04 14:21:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.06.04 14:21:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.06.04 14:21:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.04 14:21:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieapfltr.dat [2011.06.04 14:21:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.04 14:21:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.06.04 14:21:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.06.04 14:21:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.04 14:21:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.04 14:20:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.04 14:20:59 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.04 14:20:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.06.04 14:20:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.06.04 14:20:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.04 14:20:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.04 14:20:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.04 14:20:58 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.04 14:20:58 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.06.04 14:20:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.06.04 14:20:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.06.04 14:20:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.04 14:20:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.06.04 14:20:57 | 001,797,632 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.06.04 14:20:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.06.04 14:20:57 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.04 14:20:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.06.04 14:20:57 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.06.04 14:20:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.04 14:20:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.06.04 14:20:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.06.04 14:20:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.04 14:20:57 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.06.04 14:20:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.09 22:29:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.09 21:45:19 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.09 21:15:17 | 000,005,594 | ---- | M] () -- C:\Windows\System32\Config.MPF [2011.06.09 21:14:43 | 000,490,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.06.09 21:12:54 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.09 21:12:53 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.09 21:12:38 | 000,001,094 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.09 21:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.09 21:12:03 | 937,582,592 | -HS- | M] () -- C:\hiberfil.sys [2011.06.08 21:31:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.07 23:15:17 | 000,019,968 | ---- | M] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.07 19:55:12 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.06.06 21:59:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.06 21:59:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.06 21:59:27 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.06 21:59:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.06 20:30:43 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.06.05 14:28:42 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2011.06.05 14:28:41 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Meine CEWE FOTOWELT.lnk [2011.06.04 21:08:54 | 000,002,633 | ---- | M] () -- C:\Users\Marco\Desktop\Microsoft Office Excel 2007.lnk [2011.06.04 14:21:25 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.06.04 14:21:25 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.06.04 14:21:04 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.06.04 14:21:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.06.04 14:21:04 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.04 14:21:03 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.04 14:21:03 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.04 14:21:03 | 
000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.06.04 14:21:03 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.06.04 14:21:03 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.06.04 14:21:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.04 14:21:01 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.06.04 14:21:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.06.04 14:21:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.04 14:21:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.06.04 14:21:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.04 14:21:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.04 14:21:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.06.04 14:21:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.04 14:20:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.04 14:20:59 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.04 14:20:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.06.04 14:20:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.06.04 14:20:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.04 14:20:58 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.04 14:20:58 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.04 
14:20:58 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.06.04 14:20:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.06.04 14:20:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.06.04 14:20:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.04 14:20:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.06.04 14:20:57 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.06.04 14:20:57 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.06.04 14:20:57 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.04 14:20:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.06.04 14:20:57 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.06.04 14:20:57 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.04 14:20:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.06.04 14:20:57 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.06.04 14:20:57 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.04 14:20:57 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.06.04 14:20:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.04 12:29:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [2011.05.15 13:09:40 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.09 21:45:19 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.06.08 21:31:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.07 19:55:11 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.06.04 14:21:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.04.05 21:00:31 | 000,019,968 | ---- | C] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.11 22:00:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.11 21:58:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.02.11 21:58:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.02.11 18:04:50 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2010.02.11 17:00:07 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2010.02.11 17:00:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2010.02.11 16:59:44 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll [2010.02.11 16:59:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2010.02.11 16:59:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.02.11 16:59:40 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.12.24 14:08:26 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2008.09.13 11:34:27 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2008.09.13 11:34:27 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2008.09.13 11:34:27 | 000,001,025 | ---- | C] () -- 
C:\Windows\System32\clauth1.dll [2008.09.13 11:34:27 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2008.09.13 11:34:27 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2008.08.03 21:02:15 | 000,000,016 | -H-- | C] () -- C:\Users\Marco\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.02.16 15:45:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.02.16 15:41:22 | 000,003,425 | ---- | C] () -- C:\Windows\mozver.dat [2007.08.17 11:58:12 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.08.05 11:05:07 | 000,153,088 | ---- | C] () -- C:\Programme\UNWISE.EXE [2007.08.05 10:51:17 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe [2007.08.05 10:49:26 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2007.08.05 10:49:26 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2007.08.05 10:49:26 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2007.08.05 10:49:26 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2007.08.05 10:49:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2007.08.04 13:46:48 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini [2007.07.28 19:31:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2007.07.28 19:31:05 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2007.07.28 19:29:56 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin [2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,490,904 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2004.03.18 07:44:29 | 001,663,068 | ---- | C] () -- C:\Windows\System32\libmmd.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Marco\Documents\REZEPTE:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Marco\Documents\Kinder:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Marco\Documents\Eigentumswohnung:Roxio EMC Stream < End of report > Code:
OTL Extras logfile created on: 09.06.2011 22:26:19 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Marco\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

893,42 Mb Total Physical Memory | 207,04 Mb Available Physical Memory | 23,17% Memory free
2,00 Gb Paging File | 0,51 Gb Available in Paging File | 25,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,46 Gb Total Space | 12,06 Gb Free Space | 8,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,26 Gb Free Space | 62,61% Space Free | Partition Type: NTFS

Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [Meine CEWE FOTOWELT.exe] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E977545F-BF0E-4D32-BB98-E0BB95F3AF85}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F4478E8-C0FE-461F-AB84-1384657C497A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2384F3D9-B57B-4A84-9A6A-15717408FADA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{50FEFB8B-6080-49BA-A536-EFBB7E96FCE6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{596AF9F9-9B74-40A6-B060-256D7088A7B1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5A8ECF6E-9E3A-47D8-8C8F-7D5B53D654DF}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7A626E83-49DD-4653-AAD8-E8CCFBD788F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8B213E6B-A111-44F6-A717-F99167C7E425}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A03E574B-1428-4C61-88E7-3C79F2A56162}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{A34FD058-3E2D-4123-A8D1-A6A2E0C04B2E}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{AA7429D4-3DE3-4276-8B7F-7E3DFF87692D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{C60165D0-B5A8-4946-819B-67BAA81B90DC}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{CF206711-771D-4E0E-B1DC-5A0DC47778FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D895AC18-D985-40C9-A3B8-E9C9FF1054BA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09EFED66-F0B9-4D64-B98E-AE0454636522}" = StarMoney 6.0 S-Edition
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1FBE067B-EDA5-C4DC-1CAE-0A97869668F5}" = CCC Help English
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233A09B2-5DDD-1D47-41F3-283243CD6E58}" = Catalyst Control Center Localization Finnish
"{26521EB6-D0C1-9AA9-EC73-743A75F5E390}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28166874-4E4D-AA06-22D5-3FFF80D9DF71}" = CCC Help Norwegian
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D736E48-0BFE-1E36-C3CC-D40027C8D779}" = CCC Help Chinese Traditional
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA54B99-76EA-54D7-E821-3A6D4C58B485}" = Catalyst Control Center Localization Korean
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney
"{4902AA2F-558B-709F-2EC4-ABCCA5817DE2}" = Catalyst Control Center Localization Chinese Standard
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AE661B2-2CA3-689C-7B07-633946D93DBA}" = Catalyst Control Center Localization Spanish
"{4BCDF14A-0140-DAA1-197D-2A0714C304EB}" = CCC Help Dutch
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{4F5A53E6-3CBE-44D7-91AD-2E535348484F}" = ccc-Branding
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5985DC34-0F90-473E-4B11-79BDD38129EA}" = CCC Help Italian
"{5B5B4253-B83B-970A-BF2A-BE76EB105C17}" = Catalyst Control Center Core Implementation
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5F818EFF-7F69-3E9A-EA3D-78F7C3A6FD61}" = Catalyst Control Center Graphics Light
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69D4EE67-EE0D-9CC4-1FDF-189B136EE1E5}" = ccc-utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB8F02-9EA7-5893-93E9-17C473D919EA}" = CCC Help Portuguese
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{801A52D3-2855-BF00-0F13-8CFE6F79047D}" = Catalyst Control Center Localization Portuguese
"{80A50951-628C-2476-095F-57BABB5B23B6}" = CCC Help Spanish
"{80F05497-9244-9323-44D2-A919DDD7E4CC}" = Catalyst Control Center Localization Dutch
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A46C2AE-E88F-191E-5EA6-8BDBC37726F9}" = Catalyst Control Center Localization Norwegian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{916DA72C-457F-E1F6-E121-B15E38F79C0D}" = CCC Help Japanese
"{9306D753-8B36-06D4-0C39-9E6D58441C6C}" = Catalyst Control Center Localization Japanese
"{99713F20-B2FA-5B9F-0775-46378377F905}" = Catalyst Control Center Localization Chinese Traditional
"{9BCA646B-4EDE-5178-9755-4B3860F57111}" = Catalyst Control Center Localization Italian
"{9BD418EE-31DE-1A67-5D3B-C83B0FAEAFBE}" = ccc-core-static
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C573DB4-847C-44E2-D7EE-CC6640441A27}" = Catalyst Control Center Localization French
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B6B6E2-3460-567B-D269-38E0C99B455B}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{B0BC58D2-3B22-6E43-E755-97569B788832}" = Catalyst Control Center Localization German
"{B4F4B5A5-9B6E-15DC-BB9B-7AF45168F1DE}" = Catalyst Control Center Graphics Full Existing
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BB4CC91D-63C5-85F6-D7DE-2FECD29639F6}" = CCC Help Danish
"{C2CBDFC6-D4E0-5747-5EBE-7579611CC562}" = Catalyst Control Center Graphics Full New
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45901E9-F9B0-5F5A-C40E-BA45B115D76B}" = Catalyst Control Center Localization Russian
"{C61664A1-6832-57B6-6189-0CD3F4E25E2F}" = CCC Help French
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8AF8F27-F6D1-9193-9F1A-8CFFE2B2A9E6}" = CCC Help Finnish
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB1C5826-5A8A-1856-BB92-29704009E56F}" = Catalyst Control Center Localization Swedish
"{CC187DB7-98D2-5485-4084-A092F9BB1F84}" = CCC Help Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D65FB87A-566D-2457-4775-899C220E048E}" = CCC Help Chinese Standard
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD43D652-6932-A54F-D7A5-D6448379E8F9}" = CCC Help Swedish
"{E17047A0-167D-1BA3-983E-CEE6ED87A890}" = Skins
"{E2FB1C9E-00C1-467E-BA75-E3FC6C4ACB3F}" = Pinnacle USB device drivers 2
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F99AFBD3-0276-AF23-C1CC-FBF6A5F2865C}" = Catalyst Control Center Localization Danish
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.744
"CCleaner" = CCleaner
"cmanatau" = Favorit
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.00.10.0320)
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"ElsterFormular 11.1.2.3848" = ElsterFormular
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"fc-prints" = fc-prints
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"kazaalite202_is1" = Kazaa Lite 2.6.1
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.1.1.75 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.108 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 7.0.0.26 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (1.5.0.7)" = Mozilla Firefox (1.5.0.7)
"MSC" = McAfee SecurityCenter
"PartyPoker" = PartyPoker
"proDAD-Heroglyph-1.0" = proDAD Heroglyph 1.0
"proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Dell Touchpad
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR
"WinZip Self-Extractor" = WinZip Self-Extractor

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Code:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.0.6002] C: 09.06.2011 21:57 C:\Windows --------- 36864 09.06.2011 21:45 C:\Program Files --------- 28672 C:\hiberfil.sys --------- C:\pagefile.sys --------- 09.06.2011 01:11 C:\System Volume Information --------- 24576 08.06.2011 21:31 C:\ProgramData --------- 8192 27.06.2010 20:58 C:\31b9cfe29a97b2729a90 --------- 0 04.04.2010 09:50 C:\Downloads --------- 0 28.02.2010 10:51 C:\DELL --------- 8192 11.02.2010 22:37 C:\Boot --------- 4096 11.02.2010 20:13 C:\PerfLogs --------- 0 11.02.2010 17:55 C:\Users --------- 4096 11.02.2010 17:00 C:\BOOTSECT.BAK --------- 8192 11.02.2010 16:30 C:\$WINDOWS.~Q --------- 0 11.02.2010 16:26 C:\$INPLACE.~TR --------- 0 06.02.2010 15:03 C:\06a3b8ad9950d48b78f608366a2e8e --------- 0 03.02.2010 22:46 C:\e245eed4ffe3ae3b158a15 --------- 0 30.01.2010 19:18 C:\e05a182e96d59f1698 --------- 0 30.01.2010 19:06 C:\80f789126b34117fbf --------- 0 11.04.2009 00:36 C:\bootmgr --------- 333257 08.11.2007 19:06 C:\MSOCache --------- 0 08.08.2007 21:33 C:\Programs --------- 0 08.08.2007 20:43 C:\My Shared Folder --------- 0 05.08.2007 11:47 C:\adorage-protocol.txt --------- 403469 01.08.2007 23:14 C:\Programme --------- 0 01.08.2007 23:14 C:\Dokumente und Einstellungen --------- 0 29.07.2007 03:02 C:\dell.sdr --------- 4545 29.07.2007 02:55 C:\Drivers --------- 0 29.07.2007 02:54 C:\doctemp --------- 0 28.07.2007 19:30 C:\Setup.log --------- 174 02.11.2006 15:04 C:\$Recycle.Bin --------- 0 02.11.2006 15:02 C:\Documents and Settings --------- 0 18.09.2006 23:43 C:\config.sys --------- 10 18.09.2006 23:43 C:\autoexec.bat --------- 24 ---------------------------------------- C:\Windows 09.06.2011 21:32 C:\Windows\WindowsUpdate.log --------- 1098764 09.06.2011 21:12 C:\Windows\bootstat.dat --------- 67584 11.02.2010 20:26 C:\Windows\WindowsShell.Manifest --------- 749 11.02.2010 19:47 C:\Windows\SPInstall.etl 
--------- 442368 11.02.2010 14:27 C:\Windows\diagwrn.xml --------- 1887 11.02.2010 14:27 C:\Windows\diagerr.xml --------- 1887 16.08.2009 03:22 C:\Windows\ocsetup_install_NetFx3.etl --------- 50167808 16.08.2009 03:22 C:\Windows\ocsetup_cbs_install_NetFx3.perf --------- 49152 16.08.2009 03:22 C:\Windows\ocsetup_cbs_install_NetFx3.dpx --------- 16384 11.04.2009 00:27 C:\Windows\explorer.exe --------- 2926592 13.09.2008 11:34 C:\Windows\QTFont.qfn --------- 54156 16.02.2008 15:45 C:\Windows\nsreg.dat --------- 0 16.02.2008 15:41 C:\Windows\mozver.dat --------- 3425 19.01.2008 00:33 C:\Windows\regedit.exe --------- 134656 19.01.2008 00:33 C:\Windows\notepad.exe --------- 151040 19.01.2008 00:33 C:\Windows\fveupdate.exe --------- 13312 19.01.2008 00:33 C:\Windows\HelpPane.exe --------- 498176 19.01.2008 00:33 C:\Windows\bfsvc.exe --------- 58880 08.11.2007 19:07 C:\Windows\win.ini --------- 219 17.08.2007 14:11 C:\Windows\mgxoschk.ini --------- 6768 13.08.2007 11:11 C:\Windows\QTFont.for --------- 1409 04.08.2007 13:46 C:\Windows\Ulead32.ini --------- 20 29.07.2007 03:02 C:\Windows\csup.txt --------- 12 28.07.2007 19:29 C:\Windows\CT4CET.bin --------- 80 28.07.2007 19:18 C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 6062080 28.07.2007 19:18 C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 49152 28.07.2007 19:18 C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 16384 09.03.2007 02:19 C:\Windows\OEM002.uns --------- 4539 06.03.2007 13:37 C:\Windows\sttray.exe --------- 303104 02.03.2007 21:30 C:\Windows\CtDrvIns.exe.manifest --------- 670 22.02.2007 04:03 C:\Windows\DELL_VERSION --------- 36 02.02.2007 11:00 C:\Windows\OEM02Mon.exe --------- 36864 02.02.2007 11:00 C:\Windows\OEM02Cfg.exe --------- 28672 06.01.2007 04:21 C:\Windows\atiogl.xml --------- 11441 02.11.2006 14:35 C:\Windows\WMSysPr9.prx --------- 316640 02.11.2006 14:34 C:\Windows\twunk_16.exe --------- 49680 02.11.2006 14:34 C:\Windows\twunk_32.exe --------- 
|
10.06.2011, 10:26 | #2 |
/// Malware-holic | Sparkassen Trojan ITAN Prompt Please create and post a ComboFix log.
__________________ http://www.bleepingcomputer.com/comb...x-benutzt-wird edit: Running ComboFix is necessary to clean off the SpyEye that I still see here, so that backing up the data can be done with as little risk as possible; after that we should back up the data and reinstall.
__________________ Last edited by markusg (10.06.2011 at 10:31) |
10.06.2011, 10:28 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen Trojan ITAN Prompt Quote:
Normally, a reinstallation of Windows is recommended in a case like this.
__________________ |
10.06.2011, 20:58 | #4 |
| Sparkassen Trojan ITAN Prompt I ran Registry Reviver over it, with the result that no fewer than 246 errors were found. However, the program does not repair the errors in the freeware version, only after registration. In your opinion, is the removal necessary, or should I format the computer and reinstall? Can you give me a few tips on reinstalling? Thanks for your info |
10.06.2011, 22:11 | #5 |
| Sparkassen Trojan ITAN Prompt The TAN prompt has been gone since this evening. I ran OTL over it again and cleaned up data. Is there a reliable scan to tell whether the trojan is definitely off my PC? Otherwise I'll reinstall my PC. |
10.06.2011, 22:34 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen Trojan ITAN Prompt Quote:
__________________ |
10.06.2011, 22:59 | #7 |
| Sparkassen Trojan ITAN Prompt If you advise me to do format c, I'll do that. What would you do? Thanks for the answers! |
10.06.2011, 23:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen Trojan ITAN Prompt I would format if you do serious things like online banking.
__________________ Please always post log files in CODE tags |