| |
| |||||||
Log-Analyse und Auswertung: TR/Kazy.25211.24, TR/Crypt.XPACK.Gen und weitere TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.10.2011, 19:11
| #1 |
| |  TR/Kazy.25211.24, TR/Crypt.XPACK.Gen und weitere Trojaner Hallo, ich habe mehrere Trojaner auf meinem Rechner gehabt. Diese verhinderten die Ausführung von MBAM und Antivir. Nach Neuinstallation im abgesicherten Modus ließ sich das meiste entfernen (im abgesicherten und dann auch im normalen Modus). Dies geschah mit TDSSkiller, MBAM und Antivir. Seitdem spinnen die TCP/IP-Verbindungen und sind nur noch manuell konfigurierbar. Ich frage mich nun, ob ich alles beseitigt habe. Gruß Boeing Anbei die Logfiles: OTL logfile created on: 05.10.2011 16:58:26 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\lsy\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 76,13% Memory free 2,78 Gb Paging File | 2,29 Gb Available in Paging File | 82,61% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 51,95 Gb Total Space | 3,06 Gb Free Space | 5,89% Space Free | Partition Type: NTFS Computer Name: WORKPADSJ | User Name: lsy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.05 16:52:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe PRC - [2011.09.23 18:08:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.09.23 18:01:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.23 11:38:18 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.09.16 02:34:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2009.11.17 10:35:22 | 002,530,656 | ---- | M] (ashampoo GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo UnInstaller 2010\UIWatcher.exe PRC - [2008.04.17 14:00:00 | 000,118,784 | R--- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\PSUtility\TrayManager.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.01.31 17:37:40 | 000,088,616 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2007.11.07 11:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe PRC - [2007.04.06 12:06:58 | 000,057,344 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.exe PRC - [2007.04.05 14:57:52 | 003,251,800 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe PRC - [2006.07.21 06:14:00 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2006.04.20 14:23:46 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2005.07.21 14:21:58 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\Addon\Fujitsu\Application Panel\QuickTouch.exe PRC - [2005.07.21 14:20:46 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe ========== Modules (No Company Name) ========== MOD - [2011.09.16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.04.05 14:57:52 | 003,251,800 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe MOD - [2007.04.03 12:09:56 | 000,393,728 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (WirelessSelectorService) SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService) SRV - File not found [Auto | Stopped] -- -- (NitroReaderDriverReadSpool2) SRV - File not found [Auto | Stopped] -- -- (IAANTMON) Intel(R) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (gtdetectsc) SRV - File not found [Auto | Stopped] -- -- (EPGService) SRV - File not found [Auto | Stopped] -- -- (DfSdkS) SRV - File not found [Auto | Stopped] -- -- (AgereModemAudio) SRV - File not found [Auto | Stopped] -- -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - File not found [Auto | Stopped] -- -- (AAV UpdateService) SRV - [2011.09.23 18:08:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.09.23 18:01:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.04.14 14:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc) SRV - [2008.04.14 14:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip) SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (ASFWHide) DRV - [2011.09.18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.08.31 20:08:01 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009.09.02 01:37:16 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd) DRV - [2009.07.27 01:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR) DRV - [2009.07.27 01:00:00 | 000,044,064 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.11.16 21:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.06.27 03:39:42 | 000,332,928 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2008.04.17 06:33:00 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.14 14:00:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.04.13 23:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB) DRV - [2008.03.20 14:00:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.02.28 00:46:28 | 000,418,304 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw66xxx.sys -- (hcw66xxx) DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.09.21 15:09:00 | 000,029,184 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772) DRV - [2007.08.03 11:27:04 | 001,470,592 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211) ZSMC USB PC Camera (ZS0211) DRV - [2007.07.09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP) DRV - [2007.06.26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS) DRV - [2007.03.30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005.07.21 14:20:46 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd) DRV - [2005.06.10 07:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4) DRV - [2005.04.18 16:15:54 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET) DRV - [2004.01.16 14:00:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2001.08.01 11:00:22 | 000,005,248 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.07 07:53:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.13 18:05:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.03 20:57:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.07.31 13:06:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.07.03 20:57:24 | 000,000,000 | ---D | M] [2010.08.26 11:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions [2009.10.27 22:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66} [2010.08.26 11:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.30 14:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions [2009.12.30 21:25:32 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.04.30 11:08:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.24 22:54:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.03.25 00:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\8xhgcz5a.default\extensions\nostmp [2011.10.05 13:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.09 07:33:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.06.07 13:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.18 21:13:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\LSY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\8XHGCZ5A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\LSY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\8XHGCZ5A.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI [2010.04.13 19:30:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.09.13 18:05:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.17 11:22:35 | 000,432,370 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14881 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [Ashampoo FireWall] C:\Programme\Ashampoo\Ashampoo FireWall\FireWall.exe () O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TvOutSwitch] C:\Addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe (ZSMCSNAP) O4 - HKCU..\Run: [ABBYY Screenshot Reader Bonus] File not found O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe () O4 - HKCU..\Run: [UIWatcher] C:\Programme\Ashampoo\Ashampoo UnInstaller 2010\UIWatcher.exe (ashampoo GmbH & Co. KG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\web'n'walk Manager.lnk = C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\Ashampoo\Ashampoo FireWall\spi.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range39 ([*] in Lokales Intranet) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248270700551 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248337956218 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B738C1-7B83-4F45-8C4E-E6C2A096D24F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B738C1-7B83-4F45-8C4E-E6C2A096D24F}: NameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.20 06:45:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{45b517ff-5cec-11df-af06-00216a78a3ee}\Shell - "" = AutoRun O33 - MountPoints2\{45b517ff-5cec-11df-af06-00216a78a3ee}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{45b517ff-5cec-11df-af06-00216a78a3ee}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1 O33 - MountPoints2\{a6b54888-a5a8-11e0-992d-00232669a847}\Shell - "" = AutoRun O33 - MountPoints2\{a6b54888-a5a8-11e0-992d-00232669a847}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a6b54888-a5a8-11e0-992d-00232669a847}\Shell\AutoRun\command - "" = E:\preinst.exe O33 - MountPoints2\{e22259f2-c537-11de-925c-00216a78a3ee}\Shell - "" = AutoRun O33 - MountPoints2\{e22259f2-c537-11de-925c-00216a78a3ee}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e22259f2-c537-11de-925c-00216a78a3ee}\Shell\AutoRun\command - "" = E:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (DfSDKBt) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "Nero BackItUp Scheduler 3" MsConfig - StartUpReg: Load - hkey= - key= - File not found MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: Run - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\WINDOWS\System32\ [2011.10.05 16:52:36 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe [2011.10.05 16:50:10 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\39989033.sys [2011.10.05 14:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2011.10.05 14:02:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cisco Systems VPN Client [2011.10.05 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Deterministic Networks [2011.10.05 13:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.10.05 13:57:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.10.05 13:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.10.05 13:55:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\lsy\Recent [2011.10.05 13:42:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Ashampoo [2011.10.05 13:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ashampoo [2011.10.05 13:14:48 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011.10.05 09:18:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Avira [2011.10.05 09:18:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2011.10.05 09:18:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.10.05 09:18:40 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.10.05 09:18:40 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.10.05 09:18:40 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2011.10.05 09:18:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2011.10.03 13:54:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Eigene Videos [2011.10.03 13:51:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011.10.03 13:38:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\lsy\Desktop\dds.scr [2011.10.03 09:54:07 | 000,000,000 | ---D | C] -- C:\Programme\M4a to MP3 Converter [2011.09.14 03:04:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Kathi [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\WINDOWS\System32\ [2011.10.05 16:57:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\defogger_reenable [2011.10.05 16:52:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\lsy\Desktop\OTL.exe [2011.10.05 16:50:10 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\39989033.sys [2011.10.05 14:04:35 | 000,459,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.10.05 14:04:35 | 000,441,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.10.05 14:04:35 | 000,085,224 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.10.05 14:04:35 | 000,071,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.10.05 14:03:40 | 000,001,680 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\VPN Client.lnk [2011.10.05 14:03:40 | 000,001,124 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Crewportal via VPN.lnk [2011.10.05 14:03:33 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF [2011.10.05 14:02:56 | 000,001,974 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2011.10.05 13:56:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.10.05 13:56:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.10.05 13:56:15 | 3148,304,384 | -HS- | M] () -- C:\hiberfil.sys [2011.10.05 13:41:03 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Ashampoo FireWall.lnk [2011.10.05 13:25:03 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.10.05 13:12:33 | 000,000,372 | ---- | M] () -- C:\WINDOWS\delrws.bat [2011.10.05 13:07:40 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF [2011.10.05 09:17:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1117667205 [2011.10.03 13:51:19 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011.10.03 13:41:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\lsy\Desktop\dds.scr [2011.10.01 11:48:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.09.25 22:05:38 | 000,119,208 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\MYCP-Aufnahmeantrag.pdf [2011.09.20 21:25:01 | 000,313,060 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Kündigung.pdf [2011.09.20 20:23:28 | 000,000,096 | ---- | M] () -- C:\WINDOWS\HAFASWIN.INI [2011.09.18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.05 16:57:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\defogger_reenable [2011.10.05 14:03:40 | 000,001,680 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\VPN Client.lnk [2011.10.05 14:03:40 | 000,001,124 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Crewportal via VPN.lnk [2011.10.05 14:02:56 | 000,001,974 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2011.10.05 13:41:03 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Ashampoo FireWall.lnk [2011.10.05 13:34:17 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp [2011.10.05 13:34:17 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp [2011.10.05 13:34:17 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp [2011.10.05 13:34:17 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp [2011.10.05 13:34:17 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2011.10.05 13:34:17 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp [2011.10.05 13:34:16 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp [2011.10.05 13:34:16 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp [2011.10.05 13:34:16 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp [2011.10.05 13:34:16 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp [2011.10.05 13:34:16 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp [2011.10.05 13:34:13 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib [2011.10.05 13:34:13 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib [2011.10.05 13:34:13 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib [2011.10.05 13:34:13 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib [2011.10.05 13:34:13 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib [2011.10.05 13:34:13 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib [2011.10.05 13:34:13 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib [2011.10.05 13:34:13 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib [2011.10.05 13:34:12 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib [2011.10.05 13:34:12 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib [2011.10.05 13:34:12 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib [2011.10.05 13:34:12 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib [2011.10.05 13:34:12 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib [2011.10.05 13:34:12 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib [2011.10.05 13:34:12 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib [2011.10.05 13:34:12 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib [2011.10.05 13:34:12 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib [2011.10.05 13:34:12 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib [2011.10.05 13:34:12 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib [2011.10.05 13:34:11 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib [2011.10.05 13:12:33 | 000,000,372 | ---- | C] () -- C:\WINDOWS\delrws.bat [2011.10.05 13:02:53 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011.10.05 11:20:02 | 3148,304,384 | -HS- | C] () -- C:\hiberfil.sys [2011.10.03 13:51:19 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735} [2011.10.03 10:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1117667205 [2011.09.25 22:03:08 | 000,119,208 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\MYCP-Aufnahmeantrag.pdf [2011.09.20 21:24:38 | 000,313,060 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Eigene Dateien\Kündigung.pdf [2011.08.02 20:45:00 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.08.02 20:43:49 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.07.21 10:42:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2011.05.23 22:18:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2011.04.21 18:35:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\AVSDVDPlayer.m3u [2011.03.03 00:54:00 | 000,000,086 | ---- | C] () -- C:\WINDOWS\CIV.INI [2010.07.03 15:57:27 | 000,000,399 | ---- | C] () -- C:\WINDOWS\vtplus32.ini [2010.07.03 15:57:25 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2010.07.03 15:57:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2010.07.03 15:56:19 | 000,032,135 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010.07.03 15:56:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2010.07.03 15:55:10 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.07.03 15:55:09 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll [2010.07.03 15:53:59 | 000,004,527 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2010.07.03 15:52:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2010.03.23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2009.12.02 14:42:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2009.11.29 22:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI [2009.11.18 16:38:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe [2009.11.05 16:14:34 | 000,228,216 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstaller_tmccUninstall.exe [2009.11.01 17:28:08 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini [2009.11.01 17:28:04 | 000,065,973 | ---- | C] () -- C:\WINDOWS\sem_GCXXUninstall.exe [2009.11.01 17:27:57 | 000,072,985 | ---- | C] () -- C:\WINDOWS\OptionPluss_PCCardInstallerUninstall.exe [2009.11.01 17:27:57 | 000,067,722 | ---- | C] () -- C:\WINDOWS\OptionHsdpaGTMax72ExpressInstallerUninstall.exe [2009.11.01 17:27:56 | 000,091,622 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstallerUninstall.exe [2009.10.27 23:12:18 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.10.27 23:12:18 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.10.24 23:35:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.10.24 04:14:26 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2009.10.24 04:14:18 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2009.10.24 02:52:44 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2009.10.24 02:47:06 | 000,000,096 | ---- | C] () -- C:\WINDOWS\HAFASWIN.INI [2009.10.24 02:46:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini [2009.10.24 02:41:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.10.24 02:22:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.10.23 15:38:17 | 000,087,552 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.23 15:18:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll [2009.07.22 15:32:54 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.07.22 15:32:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini [2009.07.22 15:25:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.07.22 15:24:28 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2009.07.22 15:24:28 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2009.07.22 15:24:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2009.05.20 07:35:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.05.20 07:34:26 | 000,312,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.05.20 07:08:33 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2009.05.20 06:49:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.05.20 06:41:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.05.20 06:27:37 | 000,001,098 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009.05.20 06:27:19 | 000,459,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2009.05.20 06:27:19 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2009.05.20 06:27:19 | 000,085,224 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2009.05.20 06:27:19 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2009.05.20 06:27:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2009.05.20 06:26:59 | 000,441,960 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2009.05.20 06:26:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2009.05.20 06:26:59 | 000,071,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2009.05.20 06:26:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2009.05.20 06:26:56 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2009.05.20 06:26:56 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2009.05.20 06:26:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2009.05.20 06:26:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2009.05.20 06:26:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2009.05.20 06:26:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2009.05.20 06:26:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.10.22 08:53:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll [2007.08.06 13:34:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\bmverify.exe ========== LOP Check ========== [2010.03.03 12:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2011.01.18 13:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo [2010.05.11 12:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Birdstep Technology [2011.09.16 20:47:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2009.10.23 15:28:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CENKEYS [2011.07.03 21:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2009.12.30 21:19:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN [2009.10.24 02:46:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon [2010.09.07 07:49:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.10.24 02:52:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2011.07.03 20:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF [2010.01.07 12:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.12.16 22:42:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet [2011.09.29 13:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rose Point Navigation Systems [2011.07.20 20:57:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2011.07.03 21:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2011.09.16 20:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Canon [2011.07.03 20:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Downloaded Installations [2011.08.17 02:05:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox [2011.06.08 15:25:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Epson [2010.01.21 11:59:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\GARMIN [2011.08.02 20:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Gutscheinmieze [2009.10.24 02:46:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\HaCon [2010.05.05 18:25:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\IrfanView [2011.01.10 12:56:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Local [2011.09.29 17:09:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Nitro PDF [2010.01.09 09:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Nokia [2010.08.29 15:25:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Notepad++ [2009.10.24 12:39:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\OpenOffice.org [2010.09.07 07:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\PC Suite [2009.10.30 11:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Programme [2009.10.27 22:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Scendix Software [2011.08.31 05:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Simfy [2010.08.26 11:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Thunderbird [2011.06.29 20:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\TrueCrypt [2010.02.04 08:22:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.05.17 18:14:36 | 000,000,000 | ---D | M] -- C:\Addon [2010.05.01 00:24:12 | 000,000,000 | ---D | M] -- C:\ChartKit [2011.10.05 14:03:33 | 000,000,000 | ---D | M] -- C:\Config.Msi [2010.05.03 18:50:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.09.30 18:30:35 | 000,000,000 | ---D | M] -- C:\DOSBOX [2010.07.09 13:55:58 | 000,000,000 | ---D | M] -- C:\Garmin [2010.12.13 12:02:06 | 000,000,000 | ---D | M] -- C:\Intel [2010.12.08 15:36:58 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.07.03 21:19:16 | 000,000,000 | ---D | M] -- C:\Program Files [2011.10.05 13:57:38 | 000,000,000 | R--D | M] -- C:\Programme [2009.10.23 14:45:14 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.04.22 13:45:59 | 000,000,000 | ---D | M] -- C:\Spiele [2011.10.05 14:27:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.03 13:53:22 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine [2009.12.30 21:26:43 | 000,000,000 | ---D | M] -- C:\WebUpdater [2011.10.05 14:03:36 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: REGEDIT.EXE > [2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\I386\REGEDIT.EXE [2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-29 04:06:53 < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB58498$] -> Error: Cannot create file handle -> Unknown point type < End of report > OTL Extras logfile created on: 05.10.2011 16:58:26 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Dokumente und Einstellungen\lsy\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 76,13% Memory free 2,78 Gb Paging File | 2,29 Gb Available in Paging File | 82,61% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 51,95 Gb Total Space | 3,06 Gb Free Space | 5,89% Space Free | Partition Type: NTFS Computer Name: WORKPADSJ | User Name: lsy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ALFA\AWUS036H Wireless LAN Utility\RtWLan.exe" = C:\Programme\ALFA\AWUS036H Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe" = C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate "D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application "C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled  ropbox"C:\Programme\Funkwerk Secure IPSec Client\NCPMON.exe" = C:\Programme\Funkwerk Secure IPSec Client\NCPMON.exe:* isabled:ncpmon.exe"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:* isabled:Winamp -- (Nullsoft, Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 26 "{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}" = Lifebook Application Panel "{272979FC-6D4A-4C25-B71A-32DD4974A022}" = Fujitsu Hotkey Utility "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 "{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211) "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{469ED3E8-D21E-40E8-B00F-63516D26FAE3}" = O2Micro Flash Memory Card Windows Driver "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector "{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager "{5C3EA21C-22C0-4A44-BE58-D8CBB2F2B6B2}" = OZ711 SCR Driver "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010 "{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1) "{90140000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (German) 2010 "{90140000-001C-0407-0000-0000000FF1CE}_Office14.AccessRT_{264417E7-E622-456E-9666-3298344AF72C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.AccessRT_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{A16D4B6A-7EEB-40B1-7563-05555591C5C4}" = simfy "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A75BDD40-6540-4922-BFF7-D9DCCECAD714}" = Nitro PDF Reader 2 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3 "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{B976F8E5-6A68-482C-8371-1DF9C70F7E2E}_is1" = sipgate X-Lite 1105c ger "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater "{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility "{E6601849-7CD7-4426-BB04-4F0BEDB481C7}" = nv.digital "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FD7BF5F3-C6DE-45B6-A0E2-EA623CB93776}" = abas GUI Tools "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Ashampoo FireWall_is1" = Ashampoo FireWall 1.20 "Ashampoo UnInstaller 2010_is1" = Ashampoo UnInstaller 2010 "AudioCon" = AudioCon "Avira AntiVir Desktop" = Avira Free Antivirus "AVS DVD Player_is1" = AVS DVD Player version 2.4 "AVS Update Manager_is1" = AVS Update Manager 1.0 "CCleaner" = CCleaner "Chart Navigator Pro" = Chart Navigator Pro "Defraggler" = Defraggler "dm-Fotowelt" = dm-Fotowelt "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "eMule" = eMule "EPSON Scanner" = EPSON Scan "EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall "EPSON SX218 Series Manual" = EPSON SX218 Series Handbuch "Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0 "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "InstallShield_{469ED3E8-D21E-40E8-B00F-63516D26FAE3}" = O2Micro Flash Memory Card Windows Driver "InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector "InstallShield_{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager "InstallShield_{5C3EA21C-22C0-4A44-BE58-D8CBB2F2B6B2}" = OZ711 SCR Driver "InstallShield_{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{FD7BF5F3-C6DE-45B6-A0E2-EA623CB93776}" = abas GUI Tools "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0) "MSMONEYV80" = Microsoft Money 2000 "MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1 "Nokia PC Suite" = Nokia PC Suite "Office14.AccessRT" = Microsoft Access Runtime 2010 "OptionHsdpaGTMax72ExpressInstaller" = Option HSDPA GTMax 7.2 Express Card driver "OptionPCCardInstaller" = Option PC Cards driver package "OptionPCCardInstaller_tmcc" = Option PC Cards driver package "OptionPluss_PCCardInstaller" = Option GT HSDPA driver suit "pdfsam" = pdfsam "Picasa 3" = Picasa 3 "sem_GCXX" = Sony Ericsson GCXX (75/79/82/83/85/89) "Simfy" = simfy "SynTPDeinstKey" = Synaptics Pointing Device Driver "TrueCrypt" = TrueCrypt "VBB-Fahrinfo offline" = VBB-Fahrinfo offline starten "VLC media player" = VLC media player 1.1.9 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "pdfsam" = pdfsam "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.10.2011 05:23:41 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 03.10.2011 05:35:57 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 03.10.2011 05:44:08 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 03.10.2011 06:22:16 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 04.10.2011 06:32:15 | Computer Name = WORKPADSJ | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved . Error - 05.10.2011 03:11:57 | Computer Name = WORKPADSJ | Source = VSSetup | ID = 5000 Description = EventType vssetup, P1 microsoft visual c++ 2010 x86 redistributable setup, P2 10.0.40219, P3 10.0.40219.1, P4 1, P5 vc_red.msi, P6 install_i_silent_error, P7 1601, P8 0, P9 , P10 NIL. Error - 05.10.2011 03:11:58 | Computer Name = WORKPADSJ | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor Error - 05.10.2011 03:13:14 | Computer Name = WORKPADSJ | Source = VSSetup | ID = 5000 Description = EventType vssetup, P1 microsoft visual c++ 2010 x86 redistributable setup, P2 10.0.40219, P3 10.0.40219.1, P4 1, P5 vc_red.msi, P6 install_i_silent_error, P7 1601, P8 0, P9 , P10 NIL. Error - 05.10.2011 03:13:14 | Computer Name = WORKPADSJ | Source = EventSystem | ID = 4609 Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 8007043C von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor Error - 05.10.2011 05:21:51 | Computer Name = WORKPADSJ | Source = MsiInstaller | ID = 11706 Description = Product: Cisco Systems VPN Client 5.0.07.0290 -- Error 1706. No valid source could be found for product Cisco Systems VPN Client 5.0.07.0290. Windows Installer cannot continue. [ System Events ] Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Defragmentation-Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Matrix Storage Event Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NitroPDFReaderDriverCreatorReadSpool2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.10.2011 07:56:20 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WirelessSelectorService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.10.2011 07:56:31 | Computer Name = WORKPADSJ | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E8933C4B-2C90-4A04-A677-E958D9509F1A} Error - 05.10.2011 07:56:31 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E8933C4B-2C90-4A04-A677-E958D9509F1A} Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E8933C4B-2C90-4A04-A677-E958D9509F1A} Error - 05.10.2011 07:56:32 | Computer Name = WORKPADSJ | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-10-05 20:10:27 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AGBA Running: 3mcory6g.exe; Driver: C:\DOKUME~1\lsy\LOKALE~1\Temp\uwryipoc.sys ---- System - GMER 1.0.15 ---- SSDT A4FC6DFC ZwClose SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0x91FC8930] SSDT A4FC6DB6 ZwCreateKey SSDT A4FC6E06 ZwCreateSection SSDT A4FC6DAC ZwCreateThread SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0x91FC8F20] SSDT A4FC6DBB ZwDeleteKey SSDT A4FC6DC5 ZwDeleteValueKey SSDT A4FC6DF7 ZwDuplicateObject SSDT A4FC6DCA ZwLoadKey SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0x91FC8D70] SSDT A4FC6D98 ZwOpenProcess SSDT A4FC6D9D ZwOpenThread SSDT \??\C:\DOKUME~1\lsy\LOKALE~1\Temp\ASFWHide ZwQuerySystemInformation [0xA48C6486] SSDT A4FC6E1F ZwQueryValueKey SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0x91FD5250] SSDT A4FC6DD4 ZwReplaceKey SSDT A4FC6E10 ZwRequestWaitReplyPort SSDT A4FC6DCF ZwRestoreKey SSDT A4FC6E0B ZwSetContextThread SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0x91FC9120] SSDT A4FC6E15 ZwSetSecurityObject SSDT A4FC6DC0 ZwSetValueKey SSDT A4FC6E1A ZwSystemDebugControl SSDT A4FC6DA7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text iaStor.sys B9E35D42 4 Bytes JMP 8697DD3C .text iaStor.sys B9E35E1A 4 Bytes JMP 8697DD3C .text iaStor.sys B9E36814 4 Bytes JMP 85ECEC8C .text iaStor.sys B9E36B35 4 Bytes JMP 85ECEC8C .text iaStor.sys B9E595FC 4 Bytes JMP 8697DD3C .text ... .text CLASSPNP.SYS!ClassReleaseRemoveLock + 193 BA0E8553 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassCompleteRequest + D BA0E8BF0 4 Bytes JMP 86B7B114 .text CLASSPNP.SYS!ClassCompleteRequest + 3F6 BA0E8FD9 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassSendSrbSynchronous + EE BA0E918C 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassDeviceControl + BD BA0E9591 4 Bytes JMP 86B7B114 .text CLASSPNP.SYS!ClassReleaseQueue + EA BA0EA372 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassReleaseChildLock + 66 BA0EA9C6 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassSendIrpSynchronous + 3A BA0EAB90 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassGetDriverExtension + 15D BA0EB131 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassFindModePage + 1D3 BA0EB775 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassFindModePage + 77F BA0EBD21 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassFindModePage + 9A6 BA0EBF48 4 Bytes JMP 86A3C114 .text CLASSPNP.SYS!ClassFindModePage + ADC BA0EC07E 4 Bytes JMP 860C4DB4 .text CLASSPNP.SYS!ClassFindModePage + B06 BA0EC0A8 4 Bytes JMP 86FBE1EC .text ... .text CLASSPNP.SYS!ClassInternalIoControl + 87 BA0ECFAF 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassGetVpb + 167 BA0ED1AB 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassSendStartUnit + C9 BA0ED421 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassSendSrbAsynchronous + 10D BA0ED56C 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassWmiFireEvent + 3A9 BA0EDA16 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassWmiFireEvent + 843 BA0EDEB0 4 Bytes JMP 86FBE1EC .text CLASSPNP.SYS!ClassIoCompleteAssociated + 18B BA0EE4E9 4 Bytes JMP 86A3C114 PAGE CLASSPNP.SYS!ClassDebugPrint + 59B BA0EEB33 4 Bytes JMP 86FBE1EC PAGE CLASSPNP.SYS!ClassDebugPrint + 7B5 BA0EED4D 4 Bytes JMP 86FBE1EC PAGE CLASSPNP.SYS!ClassInvalidateBusRelations + 203 BA0EF23A 4 Bytes JMP 86FBE1EC PAGE CLASSPNP.SYS!ClassInitialize + 6C0 BA0EF9F8 4 Bytes JMP 86FBE1EC PAGE CLASSPNP.SYS!ClassModeSense + 57D BA0F1B68 4 Bytes JMP 86FBE1EC .text SCSIPORT.SYS!ScsiPortInitialize B77B46AF 4 Bytes JMP 89FD8D44 .text SCSIPORT.SYS!ScsiPortInitialize B77B4A45 4 Bytes JMP 89FD8D44 .text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 852 B77B5D5A 4 Bytes JMP 86E8953C .text SCSIPORT.SYS!ScsiPortGetUncachedExtension + FB6 B77B64BE 4 Bytes JMP 86F46FAC .text SCSIPORT.SYS!ScsiPortGetUncachedExtension + FDA B77B64E2 4 Bytes JMP 89FD8D44 .text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 1710 B77B6C18 4 Bytes JMP 86E8953C .text SCSIPORT.SYS!ScsiPortGetUncachedExtension + 17F8 B77B6D00 4 Bytes JMP 86E8953C .text ... .text SCSIPORT.SYS!ScsiPortCompleteRequest + 10C B77B9576 4 Bytes JMP 86E8953C .text SCSIPORT.SYS!ScsiPortCompleteRequest + 1A9 B77B9613 4 Bytes JMP 86F46FAC .text SCSIPORT.SYS!ScsiPortCompleteRequest + 2BA B77B9724 4 Bytes JMP 86DE16AC .text SCSIPORT.SYS!ScsiPortCompleteRequest + 2F6 B77B9760 4 Bytes JMP 86F46FAC .text SCSIPORT.SYS!ScsiPortCompleteRequest + 3F0 B77B985A 4 Bytes JMP 86F46FAC .text ... PAGE SCSIPORT.SYS!ScsiPortInitialize + E91 B77C0E05 4 Bytes JMP 89FD8D44 PAGE SCSIPORT.SYS!ScsiPortInitialize + FFA B77C0F6E 4 Bytes JMP 89FD8D44 PAGE SCSIPORT.SYS!ScsiPortInitialize + 20AE B77C2022 4 Bytes JMP 86F46FAC PAGE SCSIPORT.SYS!ScsiPortInitialize + 2125 B77C2099 4 Bytes JMP 89FD8D44 PAGE SCSIPORT.SYS!ScsiPortInitialize + 25CD B77C2541 4 Bytes [44, 8D, FD, 89] PAGE ... ? C:\DOKUME~1\lsy\LOKALE~1\Temp\ASFWHide Das System kann die angegebene Datei nicht finden. ! ? system32\drivers\81955823.sys Das System kann den angegebenen Pfad nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 106AA800 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 106AA792 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104B229C C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programme\Mozilla Firefox\plugin-container.exe[584] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 104B2861 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programme\Mozilla Firefox\firefox.exe[3440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00401410 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\59010218 \Device\KLMD14092011_206080 81955823.sys Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB58498$\2235539010 0 bytes File C:\WINDOWS\$NtUninstallKB58498$\2235539010\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB58498$\2235539010\L 0 bytes File C:\WINDOWS\$NtUninstallKB58498$\2235539010\L\vbsidxak 456320 bytes File C:\WINDOWS\$NtUninstallKB58498$\2235539010\U 0 bytes File C:\WINDOWS\$NtUninstallKB58498$\3704701377 0 bytes ---- EOF - GMER 1.0.15 ---- |
|
05.10.2011, 21:20
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Kazy.25211.24, TR/Crypt.XPACK.Gen und weitere TrojanerZitat:
__________________ |
|
05.10.2011, 21:59
| #3 |
| | TR/Kazy.25211.24, TR/Crypt.XPACK.Gen und weitere Trojaner Hi,
__________________hier sind alle logs, bei denen etwas gefunden wurde. Gruss Boieng |
|
05.10.2011, 22:12
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.25211.24, TR/Crypt.XPACK.Gen und weitere Trojaner Sry aber dieses System wird man wohl nicht mehr retten können, dafür wurde offensichtlich zuviel zerstört. Etliche Dateien wurden manipuliert (Patchload) und ein ZeroAccess-Rootkit seh ich da auch. Du solltest umgehend eine Neuinstallation von Windows durchführen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.10.2011, 22:20
| #5 |
| | TR/Kazy.25211.24, TR/Crypt.XPACK.Gen und weitere Trojaner Ok, Danke |
|
| Themen zu TR/Kazy.25211.24, TR/Crypt.XPACK.Gen und weitere Trojaner |
| .com, 0x00000001, 32 bit, ashampoo uninstaller, avira, bho, c:\windows\system32\rundll32.exe, classpnp.sys, document, einstellungen, entfernen, error, fehler, firefox, format, frage, getwindowinfo, helper, intranet, kaspersky, mozilla thunderbird, mp3, msiinstaller, ntdll.dll, object, plug-in, realtek, registry, rundll, safer networking, saving, scan, security, security update, software, super, t-mobile, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojane, trojaner, udp, windows internet |
Linear-Darstellung
