Log analysis and evaluation: Viruses Yabectot, Malware-gen, GenericBT removed?
Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Viruses Yabectot, Malware-gen, GenericBT removed?

During a virus scan with Avast!free 6 virus detections were reported to me, for the first time. The Avast program suggested running a "boot-time scan" ("Startzeit-Prüfung"), i.e. scanning for viruses before the Windows Vista operating system starts. This found:

"eBaysShurtcuts.exe ist infiziert von Win32:Yabector"

In my fright I chose "delete" here.

In addition, I then moved the following into Avast's virus chest and isolated them:

Malware-gen
Name: 38870422-76a11923
Original location: C:\User\a\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34

Malware-gen
VBGScan.zip
C:\Program Files

Malware-gen on an external hard drive with backups
I:\09.11.09\AppData\local\Temp\Temp1_VBGScan.zip
VBGScan.exe

I have now run Avast! and Spybot as well as Ad-Aware over the system in safe mode. In the process, Ad-Aware also reported 1by1_166.exe, a small music player that I have not used for a long time, as malware, so I moved this file into the chest and isolated it as well. Avast now reports no more viruses. But is the system clean now?

I ran defogger, as recommended here,

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:30 on 12/09/2011 (a)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 12.09.2011 19:39:28 - Run 1 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\a\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,86% Memory free 6,69 Gb Paging File | 5,54 Gb Available in Paging File | 82,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,50 Gb Total Space | 665,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32 Computer Name: A-PC | User Name: a | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe PRC - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.09.12 17:14:31 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\explorer.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.09 01:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe PRC - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2005.01.27 21:48:34 | 000,057,344 | ---- | M] (KYOCERA MITA Corporation) -- C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe MOD - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- 
C:\Windows\vsnpstd3.exe MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe MOD - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ========== Win32 Services (SafeList) ========== SRV - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS) SRV - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS)) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services 
(SafeList) ========== DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009.07.03 10:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2008.09.25 15:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2008.09.22 20:10:00 | 007,400,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.08.21 11:57:22 | 000,645,120 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.07 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 12:10:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:28:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.22 11:49:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions [2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.08.24 17:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions [2009.09.24 16:43:56 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace} [2010.04.27 15:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.04 13:01:16 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2008.12.13 18:52:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2) [2011.01.02 18:07:03 | 000,000,000 | ---D | M] (Context Search) -- 
C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF} [2011.08.18 14:41:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.18 17:52:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.08.11 12:20:47 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\https-everywhere@eff.org [2010.11.04 14:53:01 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\quickstores@quickstores.de [2011.09.10 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.07.07 20:55:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.12.20 13:40:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.18 13:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.06 19:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.07.29 16:43:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.08.28 13:08:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2010.08.01 14:49:17 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2011.09.09 12:10:10 | 000,134,104 | ---- 
| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.07.19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 18:03:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.22 18:03:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.03.22 18:03:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.22 18:03:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.22 18:03:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.22 18:03:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.02.19 19:06:35 | 000,297,607 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 10280 more lines... 
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (T3ToolbarHelper Class) - {164E93C4-09BF-4647-9E0B-D5FBB1D35E63} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll () O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DasÖrtliche Toolbar) - {6E5B18CB-0EB6-4461-88B8-33B4683613D5} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll () O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Launcher] C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe (KYOCERA MITA Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program 
Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C8ED1F3-C984-4D61-A8E2-D71FD759C5F5}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB6241D3-9F10-462A-85BB-34F3A7719B35}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) 
-C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell - "" = AutoRun O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\Shell\AutoRun\command - "" = K:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.12 18:50:33 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe [2011.09.12 17:12:09 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2011.09.12 17:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.09.12 17:10:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.08.28 13:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.08.28 13:06:18 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe [2011.05.30 16:17:28 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup307.exe [2011.04.23 14:33:32 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe [2011.04.23 13:59:39 | 000,568,648 | ---- | C] (Google Inc.) 
-- C:\Program Files\GoogleEarthSetup.exe [2011.04.04 19:24:26 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup305.exe [2011.03.20 16:06:40 | 000,772,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.performance.exe [2011.03.20 16:05:43 | 000,772,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.printing.exe [2011.03.18 13:52:24 | 006,277,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe [2011.01.26 18:52:49 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup303.exe [2011.01.13 22:01:31 | 002,827,728 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe [2011.01.06 17:49:33 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe [2010.12.30 17:03:35 | 004,044,900 | ---- | C] ((c) 2006-2008, Tom Thielicke ) -- C:\Program Files\tipp10_win_v2-0-3.exe [2010.12.20 13:43:43 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe [2010.10.14 21:42:28 | 004,229,377 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitSetup4.0.3.exe [2010.08.10 16:04:16 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe [2010.05.03 13:02:38 | 005,461,276 | ---- | C] (Igor Pavlov) -- C:\Program Files\TMViewerSetup.exe [2010.04.07 14:40:38 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup230.exe [2010.03.02 14:31:34 | 008,853,856 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 3.0.3.exe [2010.01.31 15:22:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2010.01.31 15:22:17 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2010.01.29 19:37:52 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup228.exe [2010.01.28 19:18:12 
| 002,572,472 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloaderSetup.exe [2009.12.02 14:06:33 | 001,128,916 | ---- | C] (www.hellopdf.com ) -- C:\Program Files\pdf2wordsetup.exe [2009.11.29 22:12:00 | 012,543,460 | ---- | C] (Andrea Vacondio) -- C:\Program Files\pdfsam-win32inst-v2_0_0.exe [2009.10.26 15:44:08 | 077,086,488 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstallation.exe [2009.10.14 14:26:51 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe [2009.05.15 13:43:03 | 003,227,248 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup219.exe [2009.05.01 11:28:15 | 218,474,518 | ---- | C] (Igor Pavlov) -- C:\Program Files\OOO31CBE.exe [2009.04.27 15:16:35 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup218.exe [2009.04.21 14:16:06 | 034,543,112 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareAE.exe [2009.02.19 18:59:10 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe [2008.12.31 16:43:22 | 001,018,074 | ---- | C] (Heinzle Christof) -- C:\Program Files\lameplugin.exe [2008.12.31 16:11:25 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe [2008.12.31 15:51:14 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup215.exe [2008.12.30 15:12:28 | 002,170,309 | ---- | C] (Free Software Foundation) -- C:\Program Files\gnupg-w32cli-1.4.9.exe [2008.12.29 19:36:10 | 002,188,592 | ---- | C] (www.orbitdownloader.com ) -- C:\Program Files\OrbitDownloader281Setup.exe [2008.12.13 22:19:13 | 006,557,639 | ---- | C] (Thorsten Fritz ) -- C:\Program Files\kompozer-0.77.de-DE.win32.installer.exe [2008.12.13 22:19:04 | 000,735,964 | ---- | C] (GegenStandpunkt Verlag, München) -- C:\Program Files\GS_Index_20071215.exe [2008.12.13 22:19:02 | 004,986,208 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfplugin.exe [2008.12.13 22:19:01 | 012,785,408 | ---- | C] (InstallShield Software 
Corporation) -- C:\Program Files\cibpdfbrewer.exe [2008.12.13 22:18:51 | 002,955,128 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup213.exe [2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe [2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe ========== Files - Modified Within 30 Days ========== [2011.09.12 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2011.09.12 19:38:08 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.12 19:38:08 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.12 19:38:08 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.12 19:38:08 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.12 19:33:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.09.12 19:33:44 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.12 19:33:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.12 19:33:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.12 19:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.12 19:33:30 | 3485,663,232 | -HS- | M] () -- C:\hiberfil.sys [2011.09.12 19:30:36 | 000,000,000 | ---- | M] () -- C:\Users\a\defogger_reenable [2011.09.12 19:11:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.12 18:51:34 | 000,302,592 | ---- | M] () -- C:\Users\a\Desktop\5mox39wg.exe [2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe [2011.09.12 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\a\Desktop\Defogger.exe 
[2011.09.12 17:12:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.12 17:08:00 | 010,268,672 | ---- | M] () -- C:\Program Files\Ad-Aware95Install.msi
[2011.09.10 00:05:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011.09.12 19:33:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.09.12 19:30:36 | 000,000,000 | ---- | C] () -- C:\Users\a\defogger_reenable
[2011.09.12 18:51:31 | 000,302,592 | ---- | C] () -- C:\Users\a\Desktop\5mox39wg.exe
[2011.09.12 18:50:17 | 000,050,477 | ---- | C] () -- C:\Users\a\Desktop\Defogger.exe
[2011.09.12 17:12:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.12 17:07:55 | 010,268,672 | ---- | C] () -- C:\Program Files\Ad-Aware95Install.msi
[2011.09.10 22:21:30 | 3485,663,232 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.13 13:33:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.13 13:33:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.08.03 18:11:00 | 021,073,936 | ---- | C] () -- C:\Program Files\vlc-1.1.11-win32.exe
[2011.07.29 16:37:17 | 002,448,352 | ---- | C] () -- C:\Program Files\mp3tagv249setup.exe
[2011.06.28 15:09:07 | 021,022,914 | ---- | C] () -- C:\Program Files\vlc-1.1.10-win32.exe
[2011.05.30 22:08:50 | 000,001,940 | ---- | C] () -- C:\Program Files\HiJackThis.lnk
[2011.05.30 22:07:51 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2011.04.28 16:07:16 | 002,446,680 | ---- | C] () -- C:\Program Files\mp3tagv248setup.exe
[2011.04.26 18:03:55 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011.04.04 17:08:58 | 000,247,053 | ---- | C] () -- C:\Program Files\mp3DC213.exe
[2011.03.31 13:08:00 | 020,586,196 | ---- | C] () -- C:\Program Files\vlc-1.1.8-win32.exe
[2011.03.18 13:56:26 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe
[2011.03.14 19:59:08 | 004,437,496 | ---- | C] () -- C:\Program Files\Songr_1_9_17.zip
[2011.02.20 17:36:14 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2010.12.22 23:45:41 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.12.09 17:21:36 | 019,985,265 | ---- | C] () -- C:\Program Files\vlc-1.1.5-win32.exe
[2010.10.26 17:08:18 | 000,226,402 | ---- | C] () -- C:\Program Files\mp3DC212.exe
[2010.10.14 21:43:16 | 000,008,619 | ---- | C] () -- C:\Program Files\obdeu.zip
[2010.08.28 12:44:33 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe
[2010.08.20 14:23:40 | 019,563,096 | ---- | C] () -- C:\Program Files\vlc-1.1.3-win32.exe
[2010.08.08 14:51:33 | 000,058,984 | ---- | C] () -- C:\Program Files\225p1es_00_dwv_eng.zip
[2010.08.02 14:14:46 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe
[2010.08.01 14:43:51 | 001,295,402 | ---- | C] () -- C:\Program Files\ag_mp3_plugin_setup.exe
[2010.07.27 14:10:19 | 151,343,200 | ---- | C] () -- C:\Program Files\OOo_3.2.1_Win_x86_install_de.exe
[2010.05.25 20:43:14 | 003,099,136 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010.05.25 20:41:42 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe
[2010.05.25 20:40:04 | 145,988,770 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010.05.25 19:46:20 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.05.20 15:50:50 | 000,150,358 | ---- | C] () -- C:\Program Files\1by1_169.exe
[2010.05.03 13:26:03 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010.04.08 17:00:16 | 002,439,075 | ---- | C] () -- C:\Program Files\fc_setup_ (2).zip
[2010.03.04 17:10:43 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2010.03.02 16:44:27 | 002,024,035 | ---- | C] () -- C:\Program Files\Firesave.exe
[2010.03.02 14:48:37 | 001,222,286 | ---- | C] () -- C:\Program Files\enigmail-1.0.1-tb-win.xpi
[2010.03.02 14:20:10 | 000,000,213 | ---- | C] () -- C:\Program Files\PFADE.ini
[2010.03.02 14:06:40 | 001,772,267 | ---- | C] () -- C:\Program Files\Thundersave_1.0.exe
[2010.02.19 14:40:40 | 044,518,776 | ---- | C] () -- C:\Program Files\setup_av_free_2_.exe
[2010.02.06 16:06:34 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe
[2010.01.31 15:22:18 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.01.31 15:22:18 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.01.31 15:22:17 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.01.28 19:53:14 | 000,127,083 | ---- | C] () -- C:\Program Files\1by1_168.exe
[2009.11.29 22:05:33 | 001,137,763 | ---- | C] () -- C:\Program Files\sun-pdfimport10.zip
[2009.10.07 13:45:28 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe
[2009.07.11 14:35:13 | 017,828,326 | ---- | C] () -- C:\Program Files\vlc-1.0.0-win32.exe
[2009.06.26 17:59:35 | 000,728,103 | ---- | C] () -- C:\Program Files\VAL v1.1.1 Setup.exe
[2009.05.26 18:53:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.26 18:52:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.08 23:15:49 | 016,742,799 | ---- | C] () -- C:\Program Files\vlc-0.9.9-win32.exe
[2009.05.07 15:31:52 | 147,695,064 | ---- | C] () -- C:\Program Files\OOo_3.1.0_Win32Intel_install_de.exe
[2009.05.05 16:01:41 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe
[2009.05.05 15:59:51 | 000,121,784 | ---- | C] () -- C:\Program Files\1by1_167.exe
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Program Files\openofficeorg31.msi
[2009.04.16 15:33:14 | 000,049,230 | ---- | C] () -- C:\Program Files\download_manager_tweak-0.7.2-fx.xpi
[2009.04.09 19:58:43 | 001,300,755 | ---- | C] () -- C:\Program Files\KKiller_v3.4.4.zip
[2009.02.26 18:29:19 | 000,037,658 | ---- | C] () -- C:\Program Files\duplicate_contact_manager-0.6-tb.xpi
[2009.01.27 20:28:46 | 000,111,016 | ---- | C] () -- C:\Program Files\image_zoom-0.3.1-fx+mz+tb+sm.xpi
[2009.01.10 21:37:39 | 156,172,680 | ---- | C] () -- C:\Program Files\ooo300.exe
[2009.01.04 19:29:10 | 000,938,576 | ---- | C] () -- C:\Program Files\7z463.exe
[2009.01.02 17:05:44 | 016,320,472 | ---- | C] () -- C:\Program Files\vlc-0.9.8a-win32.exe
[2008.12.31 18:34:50 | 007,949,158 | ---- | C] () -- C:\Program Files\kompozer-0.7.10-win32.zip
[2008.12.31 16:28:55 | 023,804,784 | ---- | C] () -- C:\Program Files\aaw2008_11n.exe
[2008.12.31 16:03:51 | 000,017,920 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.13 22:19:02 | 001,176,154 | ---- | C] () -- C:\Program Files\enigmail-0.95.6-tb+sm.xpi
[2008.12.13 22:18:50 | 000,189,429 | ---- | C] () -- C:\Program Files\mp3DC209.exe
[2008.12.13 20:35:07 | 000,000,296 | ---- | C] () -- C:\Users\a\AppData\Roaming\wklnhst.dat
[2008.12.13 18:50:37 | 000,792,771 | ---- | C] () -- C:\Program Files\MozBackup-1.4.8-DE.exe
[2008.12.13 18:29:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2008.12.13 18:27:40 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.12.13 18:25:25 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.12.13 13:59:31 | 000,007,592 | ---- | C] () -- C:\Users\a\AppData\Local\d3d9caps.dat
[2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_11.bin
[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_1.bin
[2008.10.17 16:56:47 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_000116BE_1.bin
[2008.10.08 14:51:57 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.10.08 13:26:22 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.10.08 13:01:08 | 000,000,023 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.10.08 12:00:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,342,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.08.09 12:33:42 | 000,002,120 | ---- | C] () -- C:\Windows\System32\SETUP.INI
[1996.12.14 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1996.12.14 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010.05.21 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\1by1
[2008.12.23 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Canon
[2008.12.29 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FreeCommander
[2011.04.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\gnupg
[2009.03.20 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro
[2008.12.31 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\KompoZer
[2010.10.27 00:46:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mp3DirectCut
[2011.08.15 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mp3tag
[2009.07.13 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NewSoft
[2009.01.11 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org
[2011.08.12 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit
[2010.10.14 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense
[2010.08.01 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\QuickStoresToolbar
[2008.12.13 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ScanSoft
[2008.12.11 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\T-Online
[2010.11.07 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Template
[2010.03.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird
[2011.09.12 19:33:59 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.09.12 19:32:37 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.12 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 12.09.2011 19:39:28 - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\a\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,86% Memory free
6,69 Gb Paging File | 5,54 Gb Available in Paging File | 82,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,50 Gb Total Space | 665,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32

Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16F0F7F3-488C-4AA1-ABAB-22FAF3223912}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F4397CD-37C3-40E3-B0B1-7274D6F100F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EFF7527-4F0F-45D1-A5C0-2B0E4065E938}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{2BC8FB88-0687-40C3-A27F-49EE217CA7E7}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{2C2E74A2-D96F-48DA-8108-4873693CCE58}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{310ECEC3-7B74-4397-9743-F16D50E33FBC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{45309D49-E570-4F8B-8509-F5EBC2F6295C}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{60D7F137-EDE0-437C-9F60-1C6270FECC32}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{67FD3586-C46B-485F-BDD0-CBBD5D3B4182}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{778542EF-662A-4ECC-B4D8-10073B7F1560}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{86D163A6-DF5D-4587-B47E-A24F199CB735}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{971F723D-E217-476B-92EC-F53560FEEC1D}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{C26D8B14-A27E-4318-ADBD-8D9F44435B78}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{EA561401-BF6A-4197-A382-4B9B84ADADED}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{F8FB2EF4-15A9-4C7A-A817-D4ACCEBB7F85}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"TCP Query User{0DBCEF11-A161-4FC9-A43C-B3A6DF67CB66}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2269A1AC-35EA-4A68-B944-62B199FB548F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4786D182-205D-4DA7-B821-1C4117C3F511}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7F554A2A-7692-4D32-816B-73AB91F69D76}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{A1A7E116-EBE9-46DD-8BA0-1F485550A3BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{AD95235C-E55F-413A-9869-787161E0FCC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AE0903ED-5D4A-40C0-B731-50E45B24D9AA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C9242C20-292C-4928-9FFD-A8F831B16242}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{372DBCEF-F778-423E-A119-3B6A210795EB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{45A757A6-C8A4-4D5E-A3DC-40B3D07BB8F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{485BA21F-C68B-4F9E-B9FB-DCFEC2400C68}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{9BFEB6C3-CC44-498C-A550-89DC12F80897}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ADBFAA37-3FF7-4C78-9103-D33B5F14525E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{AE07151E-0FD6-4254-8FFD-3F1D671150A1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CCE7C458-827B-478D-9B66-797464074B01}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E1B0A721-4AF7-4A04-B9BB-C19638606219}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 27
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}" = NVIDIA PhysX v8.09.19
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54}" = Intel(R) Network Connections 13.2.8.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.17
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Trust Webcam
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.63
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"avast" = avast! Free Antivirus
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"Das Örtliche Toolbar" = Das Örtliche Toolbar
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeCommander_is1" = FreeCommander 2009.02a
"FS-720 Utilities" = Kyocera FS-720 Version 1.0
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"KompoZer_is1" = KompoZer 0.77
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"Mp3tag" = Mp3tag v2.49
"Neue deutsche Rechtschreibung für Microsoft Office 9x" = Neue deutsche Rechtschreibung für Microsoft Office 9x
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"PropFix" = Microsoft Office 97 Unique Identifier Removal Tool
"PROSetDX" = Intel(R) Network Connections 13.2.8.0
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Songr" = Songr
"TIPP10_is1" = TIPP10 Version 2.0.3
"VLC media player" = VLC media player 1.1.11
"X10Hardware" = X10 Hardware(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 04.08.2009 06:47:28 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 29.08.2009 11:49:32 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 19.09.2009 07:29:50 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 13.10.2009 08:48:02 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 14.10.2009 07:17:59 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 10.11.2009 06:50:43 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 29.12.2009 13:34:52 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 03.02.2010 05:39:40 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 04.02.2010 07:48:58 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

Error - 16.02.2010 17:06:50 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 09.09.2011 08:33:47 | Computer Name = a-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09.09.2011 08:33:47 | Computer Name = a-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09.09.2011 21:17:07 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2011 11:01:11 | Computer Name = a-PC | Source = EventSystem | ID = 4609
Description =

Error - 10.09.2011 11:01:46 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2011 16:22:21 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2011 17:31:45 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.09.2011 05:27:13 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.09.2011 05:49:50 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.09.2011 13:33:55 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11.09.2011 09:04:19 | Computer Name = a-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11.09.2011 09:35:07 | Computer Name = a-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der
Transportschicht \Device\NetBT_Tcpip_{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 11.09.2011 09:35:07 | Computer Name = a-PC | Source = netbt | ID = 4321 Description = Der Name "A-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 0.0.0.0 registriert werden. Der Computer mit IP-Adresse 192.168.2.100 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 12.09.2011 11:12:10 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |