| |
| |||||||
Log-Analyse und Auswertung: Laptop ebenfalls infiziert (nach PC-Bereinigung)?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.07.2011, 15:30
| #1 |
 |  Laptop ebenfalls infiziert (nach PC-Bereinigung)? Hallo, hier also nun der 2. Thread. In einem anderen Thread wurde mein PC gereinigt - das Problem ist nun, dass ich per USB-Stick Daten zw. PC und Laptop getauscht habe und der Laptop daher ebenfalls infiziert sein könnte. Um mich nun nicht erneut gegenseitig zu infizieren, poste ich im folgenden die Log-Dateien (ich habe die Liste abgearbeitet). Ich wäre sehr dankbar, wenn das jemand prüfen könnte. :-) Noch kurz zu meinem System: Am Laptop habe ich Windows Vista, als Virenprogramm benutze ich Avira. Außerdem verwende ich Mozilla Firefox und Thunderbird. Hier erstmal die OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.07.2011 15:15:46 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,84% Memory free 6,21 Gb Paging File | 5,02 Gb Available in Paging File | 80,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 81,09 Gb Free Space | 56,29% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 86,78 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2010.12.26 20:46:15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2009.08.07 15:01:49 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.10 17:58:25 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.27 22:17:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 18:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.07.02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZg***.EXE PRC - [2008.04.28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.23 16:58:54 | 000,397,312 | ---- | M] (*** Inc.) -- C:\Program Files\***\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\***\Empowering Technology\Service\ETService.exe PRC - [2008.03.21 14:22:32 | 000,376,832 | ---- | M] (***) -- C:\Program Files\***\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\***\Mobility Center\MobilityService.exe PRC - [2007.10.23 11:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.08.03 18:46:34 | 000,114,688 | ---- | M] (Informatic Ltd.) -- C:\Program Files\Orfo 9.0\orfagent.exe ========== Modules (SafeList) ========== MOD - [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.08.07 15:01:49 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 17:58:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.07.20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\***\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\***\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.03.18 11:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2010.03.18 11:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2009.12.08 14:35:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.10 17:58:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.09 03:14:21 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.03.25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.03.25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.03.25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.03.25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.07 09:05:44 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.08.07 09:05:42 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\*** Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (***, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\*** Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.03.28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.***.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_7730zg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.***.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.***.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at | hxxp://de.pons.eu/ | hxxp://dict.leo.org/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..network.proxy.ftp: ":" FF - prefs.js..network.proxy.gopher: ":" FF - prefs.js..network.proxy.http: ":" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: ":" FF - prefs.js..network.proxy.ssl: ":" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.26 20:46:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.07.31 15:11:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.10 22:06:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 15:11:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.12 23:10:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.07.31 15:11:32 | 000,000,000 | ---D | M] [2010.09.01 14:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.01 14:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.07.31 14:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions [2010.11.02 12:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.16 22:11:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.26 20:28:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.10.29 18:37:05 | 000,000,000 | ---D | M] (???????????? ?? ?????????? Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\DeviceDetection@logitech.com [2010.12.26 20:28:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\meezzyy5.default\extensions\engine@conduit.com [2011.07.31 14:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.04.15 21:33:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.08 15:38:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.18 14:50:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.22 22:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.03 18:38:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.31 14:49:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2009.05.31 21:05:06 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [2011.07.31 15:11:19 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.12.26 20:46:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011.07.31 14:48:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.10 22:06:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.07.10 22:06:51 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.07.10 22:06:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.10 22:06:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.10 22:06:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (*** eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O3 - HKCU\..\Toolbar\ShellBrowser: (*** eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\***\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\***\Empowering Technology\ePower\ePower_DMC.exe (*** Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZg***.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\***\WR_PopUp\ProductReg.exe (***) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: ORFO Rechtschreibprüfung starten - C:\Program Files\Orfo 9.0\orfoie.htm () O9 - Extra Button: ORFO Rechtschreibprüfung starten - {D343B8D4-B9F8-49A1-81DC-6DC7F34D4F71} - C:\Program Files\Orfo 9.0\orfoie.htm () O9 - Extra 'Tools' menuitem : ORFO Rechtschreibprüfung starten - {D343B8D4-B9F8-49A1-81DC-6DC7F34D4F71} - C:\Program Files\Orfo 9.0\orfoie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\***\Sonstiges\Pics\Bild092.jpg O24 - Desktop BackupWallPaper: D:\***\Sonstiges\Pics\Bild092.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell - "" = AutoRun O33 - MountPoints2\{acdb7fe1-29bf-11de-aa9b-00238b486661}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\*** Arcade Deluxe\*** Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\*** Arcade Deluxe\*** Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Program Files\***\Empowering Technology\eAudio\eAudio.exe (*** Incorporated) MsConfig - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - File not found MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - File not found MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\*** Arcade Deluxe\PlayMovie\PMVService.exe (*** Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.31 15:12:58 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2011.07.31 15:06:51 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.31 14:51:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.07.31 14:50:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Solid State Networks [2011.07.08 22:33:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry [2011.07.08 22:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2008.11.01 06:56:11 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll [2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.31 15:11:33 | 000,001,863 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2011.07.31 15:07:54 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.31 15:07:54 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.31 15:07:54 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.31 15:07:54 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.31 15:07:07 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.07.31 15:06:55 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.31 15:03:30 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.07.31 15:03:18 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.07.31 15:01:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.07.31 15:00:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.31 15:00:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.31 15:00:48 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.07.31 15:00:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.31 15:00:07 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys [2011.07.31 14:35:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.07.31 14:30:38 | 000,635,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.31 14:25:35 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.07.31 14:25:35 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.07.31 14:25:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.07.31 14:17:17 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.12 23:11:13 | 000,002,597 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2003.lnk [2011.07.08 22:33:36 | 000,000,022 | ---- | M] () -- C:\Users\***\netglassData.bin [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.31 15:03:18 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.07.31 14:54:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.07.31 14:25:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.07.31 14:17:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2011.07.08 22:33:36 | 000,000,022 | ---- | C] () -- C:\Users\***\netglassData.bin [2009.11.30 00:04:51 | 000,001,470 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml [2009.10.22 21:34:45 | 000,077,824 | ---- | C] () -- C:\Windows\System32\OrfoCalls.dll [2009.10.18 13:24:17 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.10.10 11:27:59 | 000,000,760 | ---- | C] () -- C:\Users\***\AppData\Roaming\setup_ldm.iss [2009.09.11 11:43:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.11 11:43:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.13 10:51:28 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.13 10:51:27 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.04.03 12:07:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.04.03 12:07:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.02.28 16:03:38 | 000,035,840 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.27 23:48:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.27 23:00:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.27 22:38:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.12.07 10:04:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.12.07 10:04:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.12.07 10:04:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.11.01 06:55:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.10.31 23:48:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.10.31 23:48:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.10.31 23:28:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.10.31 23:13:20 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.10.31 23:01:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.10.31 23:01:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.10.31 23:01:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.10.31 23:01:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.10.31 22:37:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\***\AppData\Local\lame_enc.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,635,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\p***prf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\***\AppData\Local\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\ogg.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\***\AppData\Local\no23xwrapper.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.02.28 00:59:55 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.10.31 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\*** GameZone Console [2010.05.16 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.02.28 01:00:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2009.06.13 10:51:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gaijin Ent [2009.02.28 14:34:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.11.30 11:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2009.10.03 14:58:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2009.04.15 14:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.09.01 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.07.31 14:55:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.02.27 22:17:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.02.27 22:19:30 | 000,000,000 | ---D | M] -- C:\*** [2009.02.27 22:14:49 | 000,000,000 | ---D | M] -- C:\***SW [2008.11.01 00:06:28 | 000,000,000 | ---D | M] -- C:\Book [2009.10.24 13:16:55 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.31 15:14:19 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.02.27 22:11:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.06.27 10:29:16 | 000,000,000 | ---D | M] -- C:\Downloads [2008.10.31 22:59:02 | 000,000,000 | ---D | M] -- C:\Intel [2010.03.25 12:38:39 | 000,000,000 | ---D | M] -- C:\*** [2008.10.31 23:16:41 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.10 21:46:11 | 000,000,000 | ---D | M] -- C:\Program Files [2011.06.13 17:52:16 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.02.27 22:11:04 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.31 15:18:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.02.27 22:14:19 | 000,000,000 | R--D | M] -- C:\Users [2009.03.01 13:54:29 | 000,000,000 | ---D | M] -- C:\WD2000ROOT [2009.03.01 13:54:29 | 000,000,000 | ---D | M] -- C:\WD2002ROOT [2011.07.31 15:12:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2007.01.18 22:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-31 12:26:34 < > < End of report > [/code] |
| Themen zu Laptop ebenfalls infiziert (nach PC-Bereinigung)? |
| antivir, autorun, bho, c:\windows\system32\rundll32.exe, converter, error, firefox, format, gereinigt, google earth, helper, home, hängen, intranet, launch, logfile, microsoft office word, mozilla, mozilla thunderbird, mp3, nvlddmkm.sys, otl.txt, plug-in, popup, problem, programm, realtek, registry, rundll, safer networking, scan, software, start menu, starten, system, vista, windows |
Baum-Darstellung