Log analysis and evaluation: 50 Euro Trojan - Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.01.2012, 17:44 | #1 |
50 Euro Trojan

Hi, I have the same problem as many others at the moment, too. Attached is the logfile from OTL... it would be cool if someone could help me.

OTL logfile created on: 03.01.2012 17:40:03 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Mor_pheus\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,76% Memory free
4,84 Gb Paging File | 3,77 Gb Available in Paging File | 77,90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,18 Gb Total Space | 29,94 Gb Free Space | 67,77% Space Free | Partition Type: NTFS
Drive D: | 253,91 Gb Total Space | 123,25 Gb Free Space | 48,54% Space Free | Partition Type: NTFS
Computer Name: MORPHEUS | User Name: Mor_pheus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Mor_pheus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe () PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Core Temp.exe () PRC - C:\Programme\Everything\Everything.exe () PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\RocketDock\RocketDock.exe () PRC - C:\mysql\bin\mysqld-nt.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe () MOD - C:\Programme\Yuna Software\Messenger Plus!\Detoured.dll () MOD - C:\WINDOWS\system32\AnyDiscHelp.dll () MOD - C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Core Temp.exe () MOD - C:\Programme\Everything\Everything.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\RocketDock\RocketDock.exe () MOD - C:\Programme\RocketDock\RocketDock.dll () MOD - C:\mysql\bin\mysqld-nt.exe () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (SXDS10) -- C:\Programme\Gemeinsame Dateien\soft Xpansion\sxds10.exe (soft Xpansion) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\RpcAgentSrv.exe (SiSoftware) SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MySQL) -- C:\mysql\bin\mysqld-nt.exe () ========== Driver Services (SafeList) ========== DRV - (ALSysIO) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (hotcore3) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys (Paragon Software Group) DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) 
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\WNt500x86\sandra.sys (SiSoftware) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s115mgmt.sys (MCCI Corporation) DRV - (s115obex) -- C:\WINDOWS\system32\drivers\s115obex.sys (MCCI Corporation) DRV - (s115mdm) -- C:\WINDOWS\system32\drivers\s115mdm.sys (MCCI Corporation) DRV - (s115mdfl) -- C:\WINDOWS\system32\drivers\s115mdfl.sys (MCCI Corporation) DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\system32\drivers\s115bus.sys (MCCI Corporation) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.) 
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Programme\VDownloader\Addons\FireFox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.18 11:43:13 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - 
BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Reloader] C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe (NiwradSoft) O4 - HKCU..\Run: [Core Temp] C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Core Temp.exe () O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67106895 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 5 O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291480886421 (MUWebControl Class) 
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1799347-4244-4312-A5A2-6FE44B44909D}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TU2011\WinStyler\tu_logonui.exe) -C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TU2011\WinStyler\tu_logonui.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mor_pheus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mor_pheus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.04 17:22:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.03 17:13:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.01.03 17:03:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mor_pheus\Desktop\OTL.exe [2012.01.02 17:30:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2011.12.31 09:19:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mor_pheus\Desktop\Neuer Ordner [2011.12.28 10:57:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Bilder bearbeitet [2011.12.28 10:55:34 | 000,000,000 | ---D | C] -- C:\Dokumente 
und Einstellungen\Mor_pheus\Desktop\Neuer Ordner (2) [2011.12.23 16:12:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Mor_pheus\Recent [2011.12.15 17:40:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2011.11.19 13:30:36 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.03 17:03:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mor_pheus\Desktop\OTL.exe [2012.01.03 16:43:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.03 16:41:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.03 16:41:15 | 000,662,946 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2011.12.31 09:12:55 | 000,144,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Mor_pheus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.31 09:12:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.12.30 15:01:36 | 733,452,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Alvin und die Chipmunks 2-xvid.avi [2011.12.29 12:11:25 | 000,047,175 | ---- | M] () -- C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Konto_1490202206-Auszug_2011_015_pdf.pdf [2011.12.28 12:43:21 | 000,000,100 | ---- | M] () -- C:\WINDOWS\OODCNT.INI [2011.12.20 11:15:12 | 000,000,225 | RHS- | M] () -- C:\boot.ini [2011.12.16 06:18:40 | 000,385,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.12.12 17:07:44 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente 
und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.30 15:01:23 | 733,452,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Alvin und die Chipmunks 2-xvid.avi [2011.12.29 12:11:25 | 000,047,175 | ---- | C] () -- C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Konto_1490202206-Auszug_2011_015_pdf.pdf [2011.12.20 11:09:22 | 000,001,970 | ---- | C] () -- C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Windows-Standard.tbs [2011.11.19 13:30:38 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011.11.19 13:30:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011.11.19 13:30:35 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011.11.19 13:30:35 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011.10.24 15:19:31 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.07.16 14:39:58 | 000,787,416 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.07.13 10:26:48 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2011.07.09 08:33:07 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MB.ini [2011.03.04 08:13:29 | 001,395,579 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-57989841-789336058-839522115-1003-0.dat [2011.03.04 08:13:29 | 000,340,850 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.02.07 19:56:50 | 000,000,306 | ---- | C] () -- C:\WINDOWS\gttb64.ini [2011.01.11 13:44:57 | 008,101,888 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda [2011.01.10 20:17:28 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2011.01.10 20:17:28 | 000,023,040 | 
---- | C] () -- C:\WINDOWS\System32\auth.dll [2011.01.10 20:17:28 | 000,012,782 | ---- | C] () -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\unins000.msg [2011.01.10 20:17:27 | 000,559,104 | ---- | C] () -- C:\WINDOWS\System32\lame.exe [2011.01.10 20:17:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2011.01.10 20:17:26 | 000,709,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\unins000.exe [2011.01.10 20:17:26 | 000,007,473 | ---- | C] () -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\unins000.dat [2011.01.07 18:58:16 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\AnyDiscHelp.dll [2011.01.07 18:52:25 | 000,000,123 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.12.20 17:51:26 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll [2010.12.18 00:50:42 | 000,000,167 | ---- | C] () -- C:\WINDOWS\ringtonemaker.INI [2010.12.18 00:36:11 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2010.12.11 13:18:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.12.06 19:59:12 | 000,000,100 | ---- | C] () -- C:\WINDOWS\OODCNT.INI [2010.12.06 19:46:40 | 000,708,432 | ---- | C] () -- C:\WINDOWS\unins000.exe [2010.12.06 19:46:40 | 000,106,724 | ---- | C] () -- C:\WINDOWS\unins000.dat [2010.12.06 18:16:51 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2010.12.04 18:09:43 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010.12.04 18:09:16 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl [2010.12.04 18:08:58 | 000,001,480 | R--- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg [2010.12.04 18:08:57 | 000,002,421 | R--- | C] () -- C:\WINDOWS\cmudax3.ini [2010.12.04 18:02:15 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI [2010.12.04 18:00:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2010.12.04 17:39:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin 
[2010.12.04 17:32:17 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2010.12.04 17:28:31 | 000,144,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Mor_pheus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.04 17:24:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.12.04 17:19:01 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.12.04 17:11:14 | 000,004,359 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.12.04 17:09:59 | 000,385,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.02.11 05:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.02.11 05:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010.01.12 21:18:18 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2010.01.12 21:18:16 | 004,507,983 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2010.01.12 21:18:10 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2010.01.12 21:18:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2010.01.11 08:24:40 | 000,001,665 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2010.01.01 01:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009.10.24 21:15:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll [2009.10.09 16:18:42 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2009.10.09 16:16:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2009.10.09 16:15:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2009.04.23 23:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2008.05.26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 
20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,517,200 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 13:00:00 | 000,472,866 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,100,572 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 13:00:00 | 000,075,960 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.11.19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat [2002.11.19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000023.DLL [2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll [2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () 
-- C:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2011.05.12 12:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AllMyMovies [2011.07.03 08:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2011.05.25 08:35:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.12.06 20:12:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2011.08.07 08:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EXPLAUNCHER [2011.07.09 08:31:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2011.02.12 14:27:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.12.06 18:43:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! 
[2010.12.18 13:18:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.01.07 19:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2011.08.09 16:25:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\soft Xpansion [2011.11.19 13:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2011.05.20 10:13:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2011.12.13 13:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.12.06 17:19:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.02.12 14:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011.11.01 10:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xml_param [2010.12.06 17:17:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.03.14 11:05:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\aicon [2011.01.07 18:46:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\AnvSoft [2011.07.17 08:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Ashampoo [2012.01.02 19:48:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\BitTorrent [2011.07.09 09:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Buhl Data Service GmbH [2011.01.10 20:17:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\concept design [2011.01.16 15:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Mor_pheus\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.01.10 20:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Franzis [2011.04.24 09:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\GetRightToGo [2011.02.12 14:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\gtk-2.0 [2011.06.21 08:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\gtopala [2011.02.12 14:27:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\MAGIX [2010.12.11 09:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Mp3tag [2011.05.12 05:34:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Obsidium [2010.12.18 13:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\PC Suite [2011.05.20 10:24:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Teleca [2010.12.06 17:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\TuneUp Software [2011.02.12 14:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Ulead Systems [2011.06.13 08:50:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Windows Desktop Search [2011.06.13 08:51:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Windows Search [2010.12.06 20:13:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mor_pheus\Anwendungsdaten\Zeon ========== Purity Check ========== ========== Custom Scans ========== < OTL logfile created on: 03.01.2012 17:36:01 - Run 2 > < OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Mor_pheus\Desktop > < Windows XP Professional Edition Service Pack 3 (Version = 
5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 66,93% Memory free
4,84 Gb Paging File | 3,82 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 44,18 Gb Total Space | 29,94 Gb Free Space | 67,77% Space Free | Partition Type: NTFS
Drive D: | 253,91 Gb Total Space | 123,25 Gb Free Space | 48,54% Space Free | Partition Type: NTFS

Computer Name: MORPHEUS | User Name: Mor_pheus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Mor_pheus\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Core Temp.exe ()
PRC - C:\Programme\Everything\Everything.exe ()
PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\mysql\bin\mysqld-nt.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Programme\Yuna Software\Messenger Plus!\Detoured.dll ()
MOD - C:\WINDOWS\system32\AnyDiscHelp.dll ()
MOD - C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Core Temp.exe ()
MOD - C:\Programme\Everything\Everything.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()
MOD - C:\mysql\bin\mysqld-nt.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SXDS10) -- C:\Programme\Gemeinsame Dateien\soft Xpansion\sxds10.exe (soft Xpansion)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\RpcAgentSrv.exe (SiSoftware)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MySQL) -- C:\mysql\bin\mysqld-nt.exe ()


========== Driver Services (SafeList) ==========

DRV - (ALSysIO) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (hotcore3) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (cmuda3) -- C:\WINDOWS\system32\drivers\cmudax3.sys (C-Media Inc)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\WNt500x86\sandra.sys (SiSoftware)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\WINDOWS\system32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\WINDOWS\system32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\WINDOWS\system32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\WINDOWS\system32\drivers\s115bus.sys (MCCI Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Programme\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.18 11:43:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Reloader] C:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe (NiwradSoft)
O4 - HKCU..\Run: [Core Temp] C:\Dokumente und Einstellungen\Mor_pheus\Eigene Dateien\Core Temp.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67106895
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 5
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291480886421 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1799347-4244-4312-A5A2-6FE44B44909D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TU2011\WinStyler\tu_logonui.exe) -C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TU2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mor_pheus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mor_pheus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.04 17:22:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FB1B13D8
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F17F235A
< End of report >
03.01.2012, 17:46 | #2 |
| 50 Euro Trojan
Here now is the logfile from Extras.
OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 03.01.2012 17:04:02 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Mor_pheus\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,48% Memory free 4,84 Gb Paging File | 4,22 Gb Available in Paging File | 87,12% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 44,18 Gb Total Space | 30,14 Gb Free Space | 68,22% Space Free | Partition Type: NTFS Drive D: | 253,91 Gb Total Space | 123,25 Gb Free Space | 48,54% Space Free | Partition Type: NTFS Computer Name: MORPHEUS | User Name: Mor_pheus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Programme\SpacialAudio\SAMBC\SAMBC.exe" = C:\Programme\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- () "C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware) "C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2009.SP1b\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp 
Utilities 2011 "{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite "{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish "{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English "{2FDB188C-7015-485F-AD94-0936AFF17102}" = MP3 PartyMiXXer "{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins "{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39EE2257-DA3C-4FBA-9D59-893104A1EB4F}" = XPclean "{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional "{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek "{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full "{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual 
C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{82FEA187-116E-4CDA-A333-AB6ED22380C7}_is1" = Audio 180% 7.5 "{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New "{88589E19-665C-4575-A4A0-CE9C43C51031}" = Nero 8 "{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = "{90120000-003B-0000-0000-0000000FF1CE}" = 
Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{BEFDE94E-B9FB-423A-85AE-F58BB56F3CFC}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C92FB469-D5B7-48C6-B171-785E1126F099}" = "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 Kompakt 3rd Edition "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6D309F9-38AB-4cc3-8DA7-0544F5011788}" = soft Xpansion Perfect PDF 6 Office "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian "{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish "{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai "{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All "{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft 
.NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Business 2009.SP1b "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11 "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}" = O&O Defrag Professional "{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static "{DA85F579-3C60-A492-6B3F-9F4C85529C9E}" = ATI Catalyst Install Manager "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light "{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian "2020 Musterbriefe" = 2020 Musterbriefe "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "4Videosoft MKV Video Converter_is1" = 4Videosoft MKV Video Converter "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Aimersoft Video Converter Std_is1" = Aimersoft Video Converter Std(Build 4.0.2.0) "Anti-Twin 2010-12-18 11.03.05" = Anti-Twin (Installation 18.12.2010) "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.1.6 "AnyDVD" = AnyDVD "Ashampoo AudioCD MP3 Studio 3" = Ashampoo AudioCD MP3 Studio 3 "Ashampoo Burning Studio 9 Theme Pack_is1" = Ashampoo Burning Studio 9 Theme Pack "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.10 "Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD v.2.19 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "BitTorrent" = BitTorrent "CCleaner" = CCleaner "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "C-Media PCI Sound" = C-Media PCI Audio Device "DivX Setup.divx.com" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Everything" = Everything 1.2.1.371 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full) "LetsTrade" = LetsTrade Komponenten "MAGIX ringtone maker e-version" = MAGIX ringtone maker e-version "Mein Büro 2008 Professional_is1" = Mein Büro 2008 Professional "Messenger Plus!" = Messenger Plus! 
5 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mp3tag" = Mp3tag v2.47b "MSNINST" = MSN "MySQL Servers and Clients 4.0.21" = MySQL Servers and Clients 4.0.21 "Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0 "PCI Audio Driver" = PCI Audio Driver "PRJPRO" = Microsoft Office Project Professional 2007 "RocketDock_is1" = RocketDock 1.3.5 "SAM3" = SAM3 (remove only) "Seven Remix XP" = Seven Remix XP 2.41 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uninstall_is1" = Uninstall 1.0.0.1 "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.1.10 "WAV To MP3_is1" = WAV To MP3 V2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 Beta 2 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.12.2011 04:57:15 | Computer Name = MORPHEUS | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TORRENT\DVD QUALITÄT\ARENA\ARENA.AVI> in der 
Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 27.12.2011 04:16:38 | Computer Name = MORPHEUS | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TORRENT\DVD QUALITÄT\MEUTEREI AUF DER BOUNTY\MEUTEREI AUF DER BOUNTY.AVI> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 27.12.2011 04:17:29 | Computer Name = MORPHEUS | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TORRENT\DVD QUALITÄT\ARENA\ARENA.AVI> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 29.12.2011 06:04:24 | Computer Name = MORPHEUS | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TORRENT\DVD QUALITÄT\DER.ADLER.DER.NEUNTEN.LEGION\DER ADLER DER NEUNTEN LEGION.AVI> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 02.01.2012 11:56:47 | Computer Name = MORPHEUS | Source = VSS | ID = 12289 Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{9e2c5b1e-ffc6-11df-914a-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005. Error - 02.01.2012 11:56:47 | Computer Name = MORPHEUS | Source = VSS | ID = 12289 Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{9e2c5b1f-ffc6-11df-914a-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005. 
Error - 02.01.2012 11:57:13 | Computer Name = MORPHEUS | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert in 0x800423f3) fehlgeschlagen.

Error - 02.01.2012 12:28:24 | Computer Name = MORPHEUS | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{9e2c5b1e-ffc6-11df-914a-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error - 02.01.2012 12:28:24 | Computer Name = MORPHEUS | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{9e2c5b1f-ffc6-11df-914a-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005.

Error - 02.01.2012 12:28:48 | Computer Name = MORPHEUS | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert in 0x800423f3) fehlgeschlagen.

[ OSession Events ]
Error - 30.06.2011 03:07:59 | Computer Name = MORPHEUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 599 seconds with 540 seconds of active time. This session ended with a crash.

< End of report >

Regards, Morph