50 Euro Virus

Hello Trojaner-Board,

some time ago I watched a video on an online video portal; when I pressed "Play", my screen went black and the 50 Euro virus appeared. I have Windows XP and can start my PC in safe mode without the virus opening. I followed the steps from the thread "Attention all help seekers! What do I have to keep in mind before opening a thread?".

Step 1: carried out

Step 2: OTL.txt

Code:
ATTFilter OTL logfile created on: 01.01.2012 14:52:31 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Felix\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 812,09 Mb Available Physical Memory | 79,35% Memory free 2,40 Gb Paging File | 2,33 Gb Available in Paging File | 96,78% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 9,77 Gb Total Space | 0,16 Gb Free Space | 1,65% Space Free | Partition Type: NTFS Drive D: | 69,34 Gb Total Space | 26,94 Gb Free Space | 38,85% Space Free | Partition Type: NTFS Drive E: | 69,94 Gb Total Space | 57,10 Gb Free Space | 81,65% Space Free | Partition Type: NTFS Computer Name: FELIX-7EE248200 | User Name: Felix | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.01 14:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe PRC - [2008.01.12 20:26:24 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.03.31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Win32 Services (SafeList) ========== SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) 
[Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.07.21 19:21:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.19 12:00:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 15:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- E:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.07.14 20:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Programme\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2006.06.01 20:06:00 | 000,483,397 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine) SRV - [2006.06.01 20:06:00 | 000,241,731 | ---- | M] (Raxco Software, Inc.) [Auto | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDSched.exe -- (PDSched) SRV - [2002.03.19 11:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Stopped] -- C:\Programme\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService) ========== Driver Services (SafeList) ========== DRV - [2011.07.21 19:21:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.21 19:21:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.03.26 11:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.06.12 16:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.21 14:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50) DRV - [2009.04.09 12:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.04.09 12:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2006.06.01 20:06:00 | 000,061,920 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\defrag32b.sys -- (Defrag32b) DRV - [2006.06.01 20:06:00 | 000,061,920 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\defrag32.sys -- (Defrag32) DRV - [2006.04.24 10:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2006.03.22 07:24:02 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006.03.22 07:24:00 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005.03.15 16:04:00 | 000,161,792 | ---- | M] (OmniVision Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530) DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004.05.05 21:17:28 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [2003.04.10 18:44:00 | 000,636,502 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB) DRV - [2002.09.27 17:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NIOC.sys -- (NIOC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: koyotesoft@mybrowserbar.com:4.9 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:3.0.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=244506&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: D:\Programme\Mozilla\components [2011.12.21 21:12:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: D:\Programme\Mozilla\plugins [2011.12.21 21:12:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.07.15 23:48:42 | 000,000,000 | ---D | M] [2010.05.08 11:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Extensions [2012.01.01 03:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions [2010.07.26 19:26:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.18 18:19:14 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.05.08 22:19:22 
| 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.07 16:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.09.25 15:23:08 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\vshare@toolbar [2011.10.07 16:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions [2010.06.13 17:28:39 | 000,002,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\askcom.xml [2010.07.28 23:37:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\conduit.xml [2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2010.05.08 10:16:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Koyote Soft Toolbar) -- C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF [2011.07.15 23:48:42 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX [2010.09.17 20:41:23 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame 
Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe (D-Link) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found O4 - HKLM..\Run: [PlusService] d:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKCU..\Run: [iexploer.exe] C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft\Internet Explorer\iexploer.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Image Transfer.lnk = E:\Programme\Sony Corporation\Image Transfer\SonyTray.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) 
O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\FIFA 10-Registrierung.lnk = D:\Programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe (Leader Technologies) O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.) O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7510E3E9-5DE7-4ED6-B9E2-8B5525C9260A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.06 09:39:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.09.28 14:09:47 | 000,000,000 
| ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell - "" = AutoRun O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (pdboot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - 
.NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.01 14:49:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe [2012.01.01 14:37:54 | 000,000,000 | ---D | C] -- D:\Trojaner-Board-Hilfe [2012.01.01 14:07:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2011.12.30 17:04:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Felix\Recent [2011.12.20 10:19:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings [2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot [2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Koyote Soft Toolbar [2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2011.12.20 10:18:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 D:\*.tmp files -> D:\*.tmp -> ] 
========== Files - Modified Within 30 Days ========== [2012.01.01 14:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe [2012.01.01 14:47:34 | 000,010,113 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Desktop\hilfe.odt [2012.01.01 14:44:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.01 14:41:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.01 14:39:35 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\defogger_reenable [2012.01.01 13:59:12 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011.12.18 14:48:44 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\FIFA 10-Registrierung.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 D:\*.tmp files -> D:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.01 14:44:45 | 000,010,113 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Desktop\hilfe.odt [2012.01.01 14:39:35 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\defogger_reenable [2010.12.31 01:23:31 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010.11.06 22:15:56 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2010.11.04 23:12:24 | 000,000,439 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.06.13 17:36:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.05.27 07:53:21 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2010.05.08 16:40:53 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.08 11:05:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.06 10:41:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2010.05.06 10:41:57 | 000,001,191 
| ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2010.05.06 10:41:57 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2010.05.06 10:29:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.05.06 10:28:23 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.05.06 10:12:33 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010.05.06 10:06:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.06 10:06:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010.05.06 09:42:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.05.06 09:36:41 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.05.06 09:36:01 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2008.01.12 20:28:16 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2004.08.04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 12:00:00 | 000,458,822 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 12:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 12:00:00 | 000,084,326 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 12:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 12:00:00 | 000,028,626 
| ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 12:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.06.09 12:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll ========== LOP Check ========== [2010.05.08 10:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2010.06.13 17:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.08.02 13:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2010.05.08 12:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! [2010.05.06 10:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver [2010.09.16 19:24:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.05.20 14:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.05.08 10:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\ACD Systems [2010.06.13 17:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Canneverbe Limited [2011.07.25 22:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoft [2011.07.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.07.15 23:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FFP [2010.11.06 22:16:01 | 000,000,000 | ---D | 
M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeAudioPack [2010.11.06 22:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeCDRipper [2011.07.15 23:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeFLVConverter [2011.08.21 15:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\GetRightToGo [2011.06.18 18:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\gtk-2.0 [2011.02.06 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\JavaEditor [2011.07.15 23:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Koyote Soft [2010.05.08 21:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Leadertech [2010.05.08 10:21:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\OpenOffice.org [2011.12.30 17:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\PriceGong [2010.11.06 00:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar [2011.12.20 10:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings [2011.11.18 21:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\temp [2010.09.16 19:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Vodafone ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.12.20 18:57:15 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010.05.06 09:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.05.27 07:53:20 | 000,000,000 | ---D | M] -- C:\Drivers [2011.01.01 20:05:12 | 000,000,000 | ---D | M] -- C:\Games [2010.05.06 10:12:26 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.12.20 10:19:03 | 000,000,000 | R--D | M] -- C:\Programme [2010.05.08 09:04:17 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.05.06 09:44:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.01 14:07:41 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\afd.sys [2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys [2004.08.04 12:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys [2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\system32\dllcache\afd.sys [2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\system32\drivers\afd.sys [2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys [2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys [2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) 
MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys [2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys < MD5 for: EXPLORER.EXE > [2008.01.12 20:26:24 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe < MD5 for: IPSEC.SYS > [2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ipsec.sys [2004.08.04 12:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys < MD5 for: REGEDIT.EXE > [2004.08.04 12:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\regedit.exe [2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2004.08.04 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 12:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- 
C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.05.02 08:54:39 | 001,860,096 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-14 23:27:48 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.01.2012 14:52:31 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Felix\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 812,09 Mb Available Physical Memory | 79,35% Memory free 2,40 Gb Paging File | 2,33 Gb Available in Paging File | 96,78% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 9,77 Gb Total Space | 0,16 Gb Free Space | 1,65% Space Free | Partition Type: NTFS Drive D: | 69,34 Gb Total Space | 26,94 Gb Free Space | 38,85% Space Free | Partition Type: NTFS Drive E: | 69,94 Gb Total Space | 57,10 Gb Free Space | 81,65% Space Free | Partition Type: NTFS Computer Name: FELIX-7EE248200 | User Name: Felix | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Programme\Mozilla\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 2.0.Browse] -- "D:\Programme\acdsee\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\Metin2\metin2.bin" = D:\Programme\Metin2\metin2.bin:*:Enabled:metin2 -- () "D:\Programme\Metin2\metin2client.bin" = D:\Programme\Metin2\metin2client.bin:*:Enabled:metin2client -- () "D:\PES 2010\pes2010.exe" = D:\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.) 
"C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Temp\Update_adc7.exe" = C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Temp\Update_adc7.exe:*:Enabled:InstallCore™ ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02C47AB7-0EFA-4804-BCFC-63DD27698B89}" = Stunt GP Demo "{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.19b, 2010.01.31 "{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}" = Fussball Manager 2004 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8A50B4F2-7723-4291-B0AF-E9052CDE0720}" = Koyote Soft Toolbar v4.9 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek 
High Definition Audio Driver "{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1 "conduitEngine" = Conduit Engine "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93 "Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.5.722 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09 "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0 "InstallShield_{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service "InstallShield_{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility "InstallShield_{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service "Messenger Plus!" = Messenger Plus! 
5 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "MP3-Cutter" = MP3-Cutter "MSXML3SP7" = Microsoft XML Parser 3 SP7 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Q936181" = Sicherheitsupdate für MSXML 4.0 SP2 - KB936181 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0 "SystemRequirementsLab" = System Requirements Lab "Uninstall_is1" = Uninstall 1.0.0.1 "WIC" = Windows Imaging Component "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer "WMP11" = Windows Media Player 11 Slipstream "WUV30" = Windows Update Agent 3.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "gamealarm-DEFAULT" = Game Alarm "sc11-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 11 "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29.12.2011 06:45:45 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 29.12.2011 08:37:22 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 29.12.2011 16:47:38 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.12.2011 08:42:08 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 30.12.2011 12:01:32 | Computer Name = FELIX-7EE248200 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application iexplore.exe, version 7.0.6000.21256, stamp 
4bc5e577, faulting module conversiononeie.dll, version 1.0.0.0, stamp 4e01d9de, debug? 0, fault address 0x0000a61a. Error - 31.12.2011 10:35:23 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 31.12.2011 17:14:12 | Computer Name = FELIX-7EE248200 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4363, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x0000100b. Error - 31.12.2011 22:11:18 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 01.01.2012 08:53:20 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 01.01.2012 09:01:30 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 28.11.2011 10:45:37 | Computer Name = FELIX-7EE248200 | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "unacev2.dll" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 05.12.2011 08:20:06 | Computer Name = FELIX-7EE248200 | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "aerdl.dll" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten. Die Volumeüberwachung wurde angehalten. 
Error - 01.01.2012 09:09:50 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 01.01.2012 09:09:56 | Computer Name = FELIX-7EE248200 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio avipbb Fips Processor ssmdrv Error - 01.01.2012 09:37:35 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 01.01.2012 09:37:42 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 01.01.2012 09:44:08 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 01.01.2012 09:44:14 | Computer Name = FELIX-7EE248200 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio avipbb Fips Processor ssmdrv < End of report >

GMER: Hasn't found any system modification

After the scan I clicked "Save" and saved the log to the desktop as GMER.txt, but the file is empty.

Thanks in advance and kind regards,
A.Vidal