19.02.2012, 13:16 | #1
Gema Trojan on XP - Safe Mode not possible

Hello everyone, and happy carnival... even though I'm no longer in the mood for it :-(

Since the evening before last, the well-known Gema Trojan has hit me too. My computer runs XP Home with automatic updates enabled. G Data IS including firewall/autopilot with hourly updates is also running. Nevertheless, a pop-up suddenly appeared asking to install something with ...microsoft...help..... or something similar. I answered no, and G Data warned about a virus blocked via a website. A few seconds later the monitor went black for a moment and the well-known Gema image came up. I knew immediately that this was nothing "real" - I have nothing to hide either. All of this is on my company PC, which is used for nothing but work and some internet research. Still, it got me. Unfortunately I have to admit that I was not running with restricted rights.

I spent all day yesterday reading up here and also searched other sites about the problem, and yet I haven't gotten any further.

1. Starting in Safe Mode doesn't work. After F8 -> Safe Mode with Networking, the system immediately resets and the boot process starts again.
2. Logging in and pressing CTRL-ALT-DEL for Task Manager, I see no Task Manager. It seems to stay behind the Gema image.
3. Created a G Data boot CD with the latest signatures. Let it run overnight, but the GEMA foe is still there.
4. And currently: created the boot CD following your instructions here and started REATOGO-X-PE.
After opening OTLPE, the question "Do you wish to load remote user profile(s) for scanning" appears right away => Yes. Then I uncheck "Automatically Load All Remaining Users" => OK. Then I get a "RunScanner Error - Registry Access Error, ret=1017: the system has attempted to load or restore a file into the registry, but the specified file is not in a registry format." Now I'm completely stuck. Can you help me?

Regards
Handwert

EDIT 19.02.12 14:00: I have now simply answered the above questions with no and run the generally recommended Custom Scan, with the following result.

Code:
OTL logfile created on: 2/19/2012 1:21:10 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.08 Gb Total Space | 106.15 Gb Free Space | 35.61% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 37.11 Gb Free Space | 38.00% Space Free | Partition Type: NTFS
Drive E: | 111.80 Gb Total Space | 59.24 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
Drive F: | 30.34 Gb Total Space | 1.46 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive H: | 963.70 Mb Total Space | 963.50 Mb Free Space | 99.98% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/07/22 02:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc)
SRV - [2011/02/18 09:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/23 05:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010/09/06 11:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/04 16:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/12/07 08:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009/11/26 06:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2009/11/24 20:07:32 | 001,251,488 | ---- | M] (G Data Software AG) [Auto] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2009/11/24 20:05:05 | 001,547,104 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2009/08/08 06:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2009/07/28 09:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2008/11/03 18:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/10 19:25:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/10 17:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/10/26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/11 12:59:28 | 000,172,032 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 12:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 12:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/08/21 10:57:50 | 000,049,152 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe -- (avmidentd)
SRV - [2006/04/13 09:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (DumpDrv)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/03/29 06:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb)
DRV - [2010/06/10 06:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010/04/19 12:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/12/24 03:36:19 | 000,028,616 | ---- | M] (G Data Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2009/12/17 18:27:18 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009/12/17 16:56:07 | 000,055,624 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009/12/17 16:56:02 | 000,034,632 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2009/12/17 16:55:39 | 000,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009/12/17 16:55:39 | 000,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2009/11/12 07:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/29 06:59:40 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/09/28 16:58:16 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2007/07/27 05:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 03:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007/05/31 02:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006/11/02 12:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/09/24 14:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)
DRV - [2006/09/24 14:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto] -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 06:45:26 | 000,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/08/21 11:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/06/18 16:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/28 11:27:48 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/04/28 11:26:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/04/28 11:25:44 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/04/28 11:25:40 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/04/28 11:24:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/04/28 11:24:06 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/04/28 11:24:00 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2003/11/03 06:27:20 | 000,803,008 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmudau.sys -- (cmudau)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 17:09:02 | 000,000,000 | ---D | M]

[2012/02/11 13:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/03/18 12:32:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

O1 HOSTS File: ([2011/10/24 02:32:10 | 000,000,889 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 gs.apple.com
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Programme\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UltraMon] C:\Programme\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218584557140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237727011984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Programme\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\programme\g data\internetsecurity\avkkid\avkcks.exe) - C:\Programme\G Data\InternetSecurity\AVKKid\AvkCKS.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\38B98115A8BA9225E65E.exe) - C:\WINDOWS\system32\38B98115A8BA9225E65E.exe (Provtech Limited)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/10 16:34:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/30 14:19:33 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Programme\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Launch LCDMon - hkey= - key= - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
MsConfig - StartUpReg: Launch LGDCore - hkey= - key= - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Programme\Ahead\Nero BackItUp\NBKeyScan.exe (Ahead Software AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 10:05:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\TEMP.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012/02/17 17:12:01 | 000,000,000 | -HSD | C] -- C:\found.007
[2012/02/17 17:00:18 | 000,040,960 | -H-- | C] (Provtech Limited) -- C:\WINDOWS\System32\38B98115A8BA9225E65E.exe
[2012/01/28 06:38:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Media Finder
[2012/01/28 06:37:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[318 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 10:07:57 | 000,020,808 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 10:07:47 | 000,181,020 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/18 10:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/17 17:42:00 | 000,001,222 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2052111302-839522115-1004UA.job
[2012/02/17 17:00:18 | 000,040,960 | -H-- | M] (Provtech Limited) -- C:\WINDOWS\System32\38B98115A8BA9225E65E.exe
[2012/02/17 16:53:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/17 09:33:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/17 09:27:05 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/02/17 08:54:42 | 000,206,630 | ---- | M] () -- C:\cc_20120217_145411.reg
[2012/02/17 08:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A3B21E88-546F-49CF-8574-D0EB02486590}.job
[2012/02/16 18:42:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2052111302-839522115-1004Core.job
[2012/02/16 06:00:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\OutBack_Plus_Update_Check.job
[2012/02/15 21:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012/02/15 13:39:48 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/14 21:07:05 | 000,492,092 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/02/14 21:07:05 | 000,447,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/14 21:07:05 | 000,097,232 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/02/14 21:07:05 | 000,073,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/14 21:02:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/12 04:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX Plus
[2012/02/02 08:37:28 | 001,440,054 | ---- |
M] () -- C:\WINDOWS\System32\winsh323 [2012/02/02 07:01:48 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012/02/02 06:56:54 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012/02/02 06:54:18 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012/02/01 17:17:40 | 000,000,432 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2012/01/28 06:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Media Finder [2012/01/28 06:38:12 | 000,000,237 | ---- | M] () -- C:\user.js [2012/01/21 08:17:05 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk [318 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/02/17 17:00:36 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/02/17 08:54:37 | 000,206,630 | ---- | C] () -- C:\cc_20120217_145411.reg [2012/02/14 19:15:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/14 19:15:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012/01/28 06:37:24 | 000,000,237 | ---- | C] () -- C:\user.js [2012/01/21 08:17:05 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk [2011/12/13 01:19:40 | 000,000,396 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini [2011/12/13 01:19:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll [2011/12/13 01:19:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\win32com.dll [2011/10/24 05:07:44 | 
000,058,452 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/10/05 13:26:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011/01/27 10:43:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontend.INI [2010/11/25 02:30:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2010/10/26 15:05:10 | 000,000,065 | ---- | C] () -- C:\WINDOWS\CMS-Mark-Win.INI [2010/06/24 15:50:38 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010/05/07 04:00:13 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\cute2mon2k.dll [2010/05/07 04:00:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstcp.exe [2009/11/04 16:50:20 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2009/11/04 16:49:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2009/11/04 16:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2009/10/27 05:13:50 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Dialux.ini [2009/09/29 06:59:43 | 000,030,374 | ---- | C] () -- C:\WINDOWS\System32\jcsball.dat [2009/09/29 06:59:43 | 000,009,572 | ---- | C] () -- C:\WINDOWS\System32\jerror.dat [2009/09/28 16:58:24 | 001,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll [2009/09/28 16:58:22 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll [2009/09/28 16:58:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe [2009/07/05 13:31:42 | 000,016,098 | ---- | C] () -- C:\WINDOWS\German2.ini [2009/06/18 09:48:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CAI.INI [2009/03/26 11:46:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2009/03/26 11:46:23 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2009/02/23 02:43:30 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2008/11/11 09:50:18 | 000,010,593 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2008/09/19 18:34:04 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2008/08/24 17:23:39 
| 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2008/08/24 17:22:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008/08/24 17:22:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2008/08/12 21:22:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/08/10 20:09:19 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2008/08/10 18:55:41 | 000,000,861 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2008/08/10 18:55:41 | 000,000,432 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2008/08/10 18:55:41 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2008/08/10 18:55:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008/08/10 18:55:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2008/08/10 18:28:44 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/08/10 18:09:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUSB2Uninstall.exe [2008/08/10 18:09:48 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.exe [2008/08/10 18:09:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll [2008/08/10 17:31:33 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/08/10 17:31:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008/08/10 16:51:13 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/08/10 16:47:06 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2008/08/10 16:35:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/08/10 16:31:47 | 000,022,924 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/08/10 07:01:22 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2008/08/09 19:11:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/08/09 19:08:17 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/05/26 15:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008/05/26 15:23:34 | 000,024,188 | ---- 
| C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008/05/26 15:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008/05/26 14:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008/05/26 14:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008/05/16 07:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/16 07:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/05/16 07:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/16 07:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/05/16 07:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/16 07:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/16 07:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/05/16 07:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/05/16 07:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/04/14 01:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006/12/31 00:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/17 07:03:41 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004608_.tmp.dll [2004/08/17 07:01:03 | 000,492,092 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/08/17 07:01:03 | 000,447,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/17 07:01:01 | 000,097,232 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/08/17 07:01:01 | 000,073,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/17 07:00:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/17 06:56:38 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004640_.tmp.dll [2003/02/20 10:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/31 07:00:00 | 013,107,200 | 
---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/12/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/12/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/12/31 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002/12/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/12/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/12/31 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002/12/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/12/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2010/08/29 05:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AJSystems [2012/01/28 06:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2011/10/05 01:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2010/06/24 15:50:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2009/10/27 17:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIALux [2010/10/19 19:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Drivers For Free [2008/08/26 00:04:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2010/01/14 05:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2010/10/30 14:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008/08/29 02:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IrfanView [2010/02/20 04:51:59 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3 Remix [2011/12/13 01:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REINER SCT [2009/11/13 04:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RetroExp [2010/08/29 05:24:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010/10/19 19:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2011/10/05 02:12:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2E51849B-6C53-4B47-9E70-462912833018} [2011/05/14 18:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/01/11 08:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/07 12:14:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2012/02/16 06:00:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\OutBack_Plus_Update_Check.job [2012/02/17 08:44:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A3B21E88-546F-49CF-8574-D0EB02486590}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008/12/24 13:52:02 | 000,000,000 | ---D | M] -- C:\bcda16ce15b735abf6638eda64 [2009/11/04 17:00:12 | 000,000,000 | ---D | M] -- C:\BrCollectDir [2009/11/04 16:49:03 | 000,000,000 | ---D | M] -- C:\Brother [2009/11/24 09:37:26 | 000,000,000 | ---D | M] -- C:\CA_APPSW [2008/08/12 20:19:28 | 000,000,000 | RHSD | M] -- C:\cmdcons [2012/02/15 21:00:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/03/22 10:22:39 | 000,000,000 | ---D | M] -- C:\def1f5c0bf6818038a5a28604230ca [2012/02/18 10:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011/03/19 23:32:42 | 000,000,000 | ---D | M] -- C:\Downloads [2010/11/25 02:29:55 | 000,000,000 | ---D | M] -- C:\Elcom [2009/11/24 09:37:29 | 000,000,000 | ---D | M] -- C:\Elda2000 [2009/03/02 05:44:04 | 000,000,000 | ---D | M] -- C:\Finereader [2009/07/05 08:31:28 | 000,000,000 | -HSD | M] -- C:\found.000 [2009/12/14 15:41:49 | 000,000,000 | -HSD | M] -- C:\found.001 [2009/12/22 14:57:37 | 000,000,000 | -HSD | M] -- C:\found.002 [2010/01/29 01:19:47 | 000,000,000 | -HSD | M] -- C:\found.003 [2010/02/01 12:08:28 | 000,000,000 | -HSD | M] -- C:\found.004 [2010/02/04 01:20:18 | 000,000,000 | -HSD | M] -- C:\found.005 [2010/02/10 01:56:11 | 000,000,000 | -HSD | M] -- C:\found.006 [2012/02/17 17:12:01 | 000,000,000 | -HSD | M] -- C:\found.007 [2011/01/27 10:19:18 | 000,000,000 | ---D | M] -- C:\JSDK2.0 [2010/01/09 11:54:31 | 000,000,000 | ---D | M] -- C:\Kalkulationsdaten [2008/08/11 04:14:56 | 000,000,000 | ---D | M] -- C:\Logs [2011/10/13 03:14:10 | 000,000,000 | ---D | M] -- C:\Lyrics [2009/06/09 09:19:03 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008/08/10 17:39:06 | 000,000,000 | ---D | M] -- C:\NVIDIA [2010/01/11 07:20:36 | 000,000,000 | ---D | M] -- C:\OLIGO Lichttechnik GmbH [2012/02/17 09:34:34 | 000,000,000 | R--D | M] -- C:\Programme [2008/08/17 05:20:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2009/12/17 16:57:51 | 000,000,000 | ---D | M] -- C:\SMCLpav [2012/02/17 17:20:20 | 000,000,000 | -HSD | M] -- 
C:\System Volume Information [2010/12/27 11:06:08 | 000,000,000 | ---D | M] -- C:\totalcmd [2011/12/13 01:18:35 | 000,000,000 | ---D | M] -- C:\Treiber [2012/02/01 16:34:00 | 000,000,000 | ---D | M] -- C:\TSHK32 [2012/02/18 03:50:46 | 000,000,000 | ---D | M] -- C:\WINDOWS [2010/10/28 15:00:19 | 000,000,000 | ---D | M] -- C:\XGKE [2009/02/12 05:26:37 | 000,000,000 | ---D | M] -- C:\zveh [2009/02/03 23:15:43 | 000,000,000 | ---D | M] -- C:\ZVEH Daten [2009/02/03 09:48:28 | 000,000,000 | ---D | M] -- C:\ZVEHKFE < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009/09/28 17:00:28 | 017,815,866 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2009/09/28 17:00:28 | 017,815,866 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2009/09/28 16:55:56 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=D999CF40BD4EEB69FAB32069CA9D65B1 -- C:\WINDOWS\explorer.exe [2009/09/28 16:55:56 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=D999CF40BD4EEB69FAB32069CA9D65B1 -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: IASTOR.SYS > [2004/08/17 07:09:44 | 000,467,200 | R--- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\cmdcons\iastor.sys [2004/08/17 07:09:44 | 
000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys < MD5 for: NETLOGON.DLL > [2009/09/28 16:56:52 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=98731276ECE6966F4DA540FAB9512F6F -- C:\WINDOWS\system32\dllcache\netlogon.dll [2009/09/28 16:56:52 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=98731276ECE6966F4DA540FAB9512F6F -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATA.SYS > [2006/08/21 11:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys < MD5 for: SCECLI.DLL > [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2009/09/28 16:57:44 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2009/09/28 16:57:44 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=8069CBC1DAA6DE61A6B438EA0D4AE2A0 -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2002/12/31 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) 
MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2002/12/31 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/10/07 16:31:10 | 000,524,288 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009/10/07 16:30:34 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2009/10/07 18:58:23 | 031,457,280 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/10/07 18:58:23 | 006,815,744 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 01:53:44 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2011/12/18 08:43:24 | 011,082,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2011/12/17 14:43:23 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/13 21:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2009/09/28 16:56:52 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2011/01/21 09:42:27 | 008,504,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [318 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 @Alternate Data 
Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:711B5EDE < End of report > Edited by handwerk (19.02.2012 at 14:02). Reason: scan added |
19.02.2012, 16:40 | #2 |
/// Malware-holic | Gema trojan on XP - safe mode not possible Hi,
Well then, let's get started. On your second PC go to Start, Programs, Accessories, Notepad and paste the following into it: Code:
:OTL
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\38B98115A8BA9225E65E.exe) - C:\WINDOWS\system32\38B98115A8BA9225E65E.exe (Provtech Limited)
:Files
C:\WINDOWS\system32\38B98115A8BA9225E65E.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear; load the fix.txt from your USB stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt; please post the log. If you have no icons, right-click, View, Show desktop icons.
Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Press the + E key.
__________________ |
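The fix above targets the persistence mechanism visible in the first log: the Winlogon UserInit value has been pointed at a hidden, recently created executable in System32, which is why the lock screen appears before the desktop and safe mode is of no help. As an added example (it is not part of this thread, nor OTL's own code), the following Python script triages OTL report lines for exactly that pattern: it parses the O20 Winlogon entries and the "[date | size | attrs | C/M]" file entries, compares UserInit and Shell against the stock Windows XP values (C:\WINDOWS\system32\userinit.exe and C:\WINDOWS\explorer.exe), flags hidden executables created under C:\WINDOWS, and reports the intersection as a confirmed hijack. The sample log is constructed from the line shapes quoted in this thread; the Shell line and the directory entry are made up for illustration.

```python
"""Triage OTL report lines for a Winlogon UserInit/Shell hijack.

Added example for this thread; not OTL's code. It understands two OTL line
shapes: "O20 - <hive> Winlogon: <value> - (<data>) - <path> (<company>)" and
"[<stamp> | <size> | <attrs> | C|M] (<company>) -- <path>".
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the UserInit and hidden-file lines mirror the thread's
# log; the Shell line and the directory entry are invented for contrast.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\38B98115A8BA9225E65E.exe) - C:\WINDOWS\system32\38B98115A8BA9225E65E.exe (Provtech Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2012/02/17 17:00:18 | 000,040,960 | -H-- | C] (Provtech Limited) -- C:\WINDOWS\System32\38B98115A8BA9225E65E.exe
[2012/02/14 19:15:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/18 10:05:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
"""

# Stock values on 32-bit Windows XP; comparison is case-insensitive.
EXPECTED_WINLOGON = {
    "userinit": "c:\\windows\\system32\\userinit.exe",
    "shell": "c:\\windows\\explorer.exe",
}
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_ROOT = "c:\\windows\\"

O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<event>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Finding:
    kind: str    # "winlogon" or "hidden_recent_exe"
    path: str    # path as printed by OTL
    detail: str  # human-readable reason


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; normalise before comparing."""
    return path.strip().lower()


def winlogon_findings(log_text: str) -> List[Finding]:
    """Return O20 entries whose resolved path is not the stock XP binary."""
    out: List[Finding] = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        expected = EXPECTED_WINLOGON.get(m.group("value").lower())
        if expected is None or _norm(m.group("path")) == expected:
            continue
        out.append(Finding("winlogon", m.group("path"),
                           f"{m.group('hive')} Winlogon\\{m.group('value')} expected {expected}"))
    return out


def hidden_recent_executables(log_text: str) -> List[Finding]:
    """Return files created in the report window that are hidden executables under C:\\WINDOWS."""
    out: List[Finding] = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m.group("event") != "C":
            continue
        attrs, path = m.group("attrs"), m.group("path")
        npath = _norm(path)
        if ("H" in attrs and "D" not in attrs
                and npath.endswith(EXEC_SUFFIXES) and npath.startswith(SYSTEM_ROOT)):
            out.append(Finding("hidden_recent_exe", path,
                               f"created {m.group('stamp')} attrs {attrs} size {m.group('size')}"))
    return out


def triage(log_text: str) -> Dict[str, List[Finding]]:
    """Combine both checks; a Winlogon value pointing at a hidden new file is the strongest signal."""
    winlogon = winlogon_findings(log_text)
    hidden = hidden_recent_executables(log_text)
    hidden_paths = {_norm(f.path) for f in hidden}
    confirmed = [f for f in winlogon if _norm(f.path) in hidden_paths]
    return {"winlogon": winlogon, "hidden_recent_exe": hidden, "confirmed": confirmed}


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        for f in findings:
            print(f"[{kind}] {f.path}  ({f.detail})")
```

Run against a real OTL.txt by reading the file into `triage()`; anything in the `confirmed` list is the entry the OTL fix must reset, and its path is what goes under `:Files`.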
19.02.2012, 16:43 | #3 |
| Gema trojan on XP - safe mode not possible Me again
I have browsed your forum a bit more and came across a few things, which are as follows. On the OTLPE error, I found in the posting http://www.trojaner-board.de/98186-b...er.html the advice to back up data and reinstall. I hope I can at least get back into the installation to back up my data. Regarding the note in the FAQ, please be aware that I only have a registered side business and do not have an IT department; if anything, that is me. I will gladly make the donation then. Should I really be beyond "healing", I would be grateful for some initial help with backing up data. The easiest way for me would be to back up to my network drive, but I cannot find it in the network neighbourhood of the Reatogo OS. Is there also a way to rescue my emails in Outlook? Regards and thanks in advance, Handwerk |
19.02.2012, 16:55 | #4 |
/// Malware-holic | Gema trojan on XP - safe mode not possible Hi, the donation link is always in my signature :-) Have you tried my OTL script, and if so, where does it get stuck? Your PC can be saved, at least according to this first log.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the above instructions to markusg.trojaner-board@web.de If you would like to support us |
19.02.2012, 17:49 | #5 |
| Gema trojan on XP - safe mode not possible Hello Markus, I am still a bit confused. 1. I can only start the OTLPE program if I do not select the user profiles. Edit: In my scan I had not enabled the "Extra Registry: Use SafeList" button. I am now running another scan, and unfortunately again noticed too late that the output was still set to "Standard Output". I will attach that here. The minimal output I will post as CODE. 2. Do I understand correctly that I paste your script into "Custom Scans/Fixes" and then press "Run Fix"? I do not want to break anything further here, hence my question. 3. ...your signature is not displayed for me. Edit: signature found. I am blind as a bat :-) The donation is sent; I hope it is appropriate for a start. Edited by handwerk (19.02.2012 at 18:06). Reason: found link with FAQ on OTLPE and amended the posting |
19.02.2012, 18:12 | #6 |
| Gema trojan on XP - safe mode not possible Here are the new logs again. Minimal output here OTL Code:
ATTFilter OTL logfile created on: 2/19/2012 6:06:13 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298.08 Gb Total Space | 104.15 Gb Free Space | 34.94% Space Free | Partition Type: NTFS Drive D: | 97.65 Gb Total Space | 37.11 Gb Free Space | 38.00% Space Free | Partition Type: NTFS Drive E: | 111.80 Gb Total Space | 59.24 Gb Free Space | 52.99% Space Free | Partition Type: NTFS Drive F: | 963.70 Mb Total Space | 15.42 Mb Free Space | 1.60% Space Free | Partition Type: FAT Drive G: | 30.34 Gb Total Space | 1.46 Gb Free Space | 4.83% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (cjpcsc) -- C:\WINDOWS\system32\cjpcsc.exe (REINER SCT) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (DevoloNetworkService) -- C:\Programme\devolo\dlan\devolonetsvc.exe (devolo AG) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (AVKProxy) -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) SRV - (avmidentd) -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe (AVM Berlin) SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (DumpDrv) -- File not found DRV - (Changer) -- File not found DRV - (cjusb) -- C:\WINDOWS\system32\drivers\cjusb.sys (REINER SCT) DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\WINDOWS\system32\drivers\npf_devolo.sys (CACE Technologies) DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.) 
DRV - (GDBehave) -- C:\WINDOWS\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (GRD) -- C:\WINDOWS\system32\drivers\GRD.sys (G Data Software) DRV - (GDMnIcpt) -- C:\WINDOWS\system32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\WINDOWS\system32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDTdiInterceptor) -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (G DATA Software AG) DRV - (GDNdisIc) -- C:\WINDOWS\system32\drivers\GDNdisIc.sys (G DATA Software AG) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec) DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (bizVSerial) -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys (franson.biz) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) 
Code:
OTL Extras logfile created on: 2/19/2012 6:06:13 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.08 Gb Total Space | 104.15 Gb Free Space | 34.94% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 37.11 Gb Free Space | 38.00% Space Free | Partition Type: NTFS
Drive E: | 111.80 Gb Total Space | 59.24 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
Drive F: | 963.70 Mb Total Space | 15.42 Mb Free Space | 1.60% Space Free | Partition Type: FAT
Drive G: | 30.34 Gb Total Space | 1.46 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14F3F3DD-E409-4043-B4BF-1D0C3C17A1AA}" = StarMoney "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17 "{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool "{2DA701B1-5597-44BA-BA96-ED6A737CCA57}" = Playlist Management "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B7.0108.01 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4086BCA1-9B64-498B-8B8B-CA236029C816}" = Adobe Setup "{458CD97D-56E5-4330-81DB-5829500BBF7A}" = Adobe GoLive 9 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6A6F0F1E-39F8-469E-A82B-C0BD5B3E77B0}" = gSyncit "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81AD9228-21AC-4DBD-AE33-98146A88BAA8}" = Philips Product Selector 5.2.5.0 "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit 
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8814711D-2550-4481-B794-16FEA8E6F45D}" = ThermaCAM QuickReport English Language Pack "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2 "{8D13A4AE-45E9-4096-9107-727E2588DAF9}" = ThermaCAM QuickReport German Language Pack "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 
2.00 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96BEDBDA-EB5C-499F-8AFC-1AC00FC2E0F8}" = ThermaCAM QuickReport "{96F51932-0944-4D62-945F-E6837E510462}" = AVM FRITZ!Box AddOn (IE) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A47AFECA-7F0F-471A-82A3-68DEB673A311}" = AVM FRITZ!Box-Kindersicherung "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS B07.0108.01 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity "{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{E67FF1A2-23C1-4102-84E9-42115F77AD32}" = UltraMon "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B06.1129.01 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "3D Wohnungsplaner 8_is1" = DATA BECKER 3D Wohnungsplaner 8 "5513-1208-7298-9440" = JDownloader 0.9 "812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Testversion) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_a7223e4b8dff4f6a5bb90518a80851d" = Adobe GoLive 9 "Ausschreibungstexte 2008" = Ausschreibungstexte 2008 "Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1 "Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5 "BLASC 2.0" = BLASC 2.0 "CCleaner" = CCleaner "CMS-Mark-Win" = CMS-Mark-Win "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "DIALux" = DIALux 4.7 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "dlancockpit" = devolo dLAN Cockpit "Elcom 5.0" = Hager - Tehalit 5.0 "ElcomPDF" = ElcomPDF "ElcomPdf Port Monitor" = ElcomPdf "ELDA2000" = \ELDA2000\ "facemoods" = Facemoods Toolbar "FileZilla Client" = FileZilla Client 3.1.1.1 "foobar2000" = foobar2000 v1.1.10 "Free Studio_is1" = Free Studio version 5.3.3 "FreePDF_XP" = FreePDF XP (Remove only) "G15_TeamSpeak" = G15_TeamSpeak (NSIS) "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "Hager Technischen Dokumente" = Hager 
Technischen Dokumente "HijackThis" = HijackThis 2.0.2 "ICQToolbar" = ICQ Toolbar "ie8" = Windows Internet Explorer 8 "iLivid" = iLivid "InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "InstallShield_{81AD9228-21AC-4DBD-AE33-98146A88BAA8}" = Philips Product Selector 5.2.5.0 "IrfanView" = IrfanView (remove only) "JSDK2.0" = Java Servlet Development Kit 2.0 "KFEViewer32_27B_is1" = KFEViewer32_27B 08/09/26a "Kurs 1 5.0 Spanisch" = Langenscheidt Kurs 1 5.0 Spanisch "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MP3 Remix for Winamp" = MP3 Remix for Winamp "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NAVIGON Fresh" = NAVIGON Fresh 3.3.2 "NeroBackItUp!UninstallKey" = Nero BackItUp "NVIDIA Drivers" = NVIDIA Drivers "PROHYBRIDR" = 2007 Microsoft Office system "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Semiolog2" = Semiolog "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Totalcmd" = Total Commander (Remove or Repair) "VLC media player" = VLC media player 1.1.11 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.1.8 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 
"XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.9.9 "ZPlan21" = Hager - Tehalit 5.0 < End of report > Last edited by handwerk (19.02.2012 at 18:18) |
19.02.2012, 18:33 | #7 |
/// Malware-holic | Gema Trojan with XP - No Safe Mode possible Hi, exactly, just copy my script from :OTL through reboot into the box and click Run Fix.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
19.02.2012, 18:36 | #8 |
| Gema Trojan with XP - No Safe Mode possible So far, so clear. Roughly how long does such a fix take? The program swallowed the fix.txt and now nothing has happened for about 5 minutes. There is no progress indicator or anything like it either. Is that normal? I'll go for a smoke and pass the time a bit |
19.02.2012, 18:38 | #9 |
/// Malware-holic | Gema Trojan with XP - No Safe Mode possible Were you able to click the Fix button? If not, maybe restart yourself and take out the CD, or rather boot from the CD and enter the fix by hand.
19.02.2012, 18:39 | #10 |
| Gema Trojan with XP - No Safe Mode possible No, I can't click the Fix button. After being prompted to specify the file (fix.txt), the OTLPE start screen comes up again, but it is no longer clickable. Edit: I'm now entering the script manually.......wait and see. Before that I'll reboot from the CD |
19.02.2012, 18:45 | #11 |
/// Malware-holic | Gema Trojan with XP - No Safe Mode possible Exactly, because otherwise it can't load the txt properly.
19.02.2012, 18:53 | #12 |
| Gema Trojan with XP - No Safe Mode possible Well,...that apparently wasn't it yet. The fix ran through, then came the question about a reboot -> Yes -> CD was ejected and removed -> login screen -> logged in and that ****** image "Access to your computer has been locked...." from the Gema is still there. Do you have another idea? Is it because I can't activate the users before the scan? Regards, Ralf |
19.02.2012, 19:40 | #13 |
| Gema Trojan with XP - No Safe Mode possible I took a short breather. I'm getting square eyes from all the reading and staring at the screen.... I ran another scan. OTL Code:
OTL logfile created on: 2/19/2012 7:33:09 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298.08 Gb Total Space | 104.36 Gb Free Space | 35.01% Space Free | Partition Type: NTFS Drive D: | 97.65 Gb Total Space | 37.11 Gb Free Space | 38.00% Space Free | Partition Type: NTFS Drive E: | 111.80 Gb Total Space | 59.24 Gb Free Space | 52.99% Space Free | Partition Type: NTFS Drive F: | 963.70 Mb Total Space | 15.30 Mb Free Space | 1.59% Space Free | Partition Type: FAT Drive G: | 30.34 Gb Total Space | 1.46 Gb Free Space | 4.83% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2011/07/22 02:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc) SRV - [2011/02/18 09:37:16 | 000,037,664 | ---- | M] (Apple Inc.) 
[Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/12/23 05:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010/09/06 11:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/03/04 16:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009/12/07 08:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009/11/26 06:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009/11/24 20:07:32 | 001,251,488 | ---- | M] (G Data Software AG) [Auto] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2009/11/24 20:05:05 | 001,547,104 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2009/08/08 06:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2009/07/28 09:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2008/11/03 18:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/08/10 19:25:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007/09/10 17:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2006/10/26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/09/11 12:59:28 | 000,172,032 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2006/09/11 12:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp) SRV - [2006/09/11 12:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog) SRV - [2006/08/21 10:57:50 | 000,049,152 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe -- (avmidentd) SRV - [2006/04/13 09:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface) SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- 
(lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (DumpDrv) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/03/29 06:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb) DRV - [2010/06/10 06:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2010/04/19 12:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl) DRV - [2009/12/24 03:36:19 | 000,028,616 | ---- | M] (G Data Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2009/12/17 18:27:18 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2009/12/17 16:56:07 | 000,055,624 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2009/12/17 16:56:02 | 000,034,632 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2009/12/17 16:55:39 | 000,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2009/12/17 16:55:39 | 000,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc) DRV - [2009/11/12 07:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009/09/29 06:59:40 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009/09/28 16:58:16 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32) DRV - [2007/07/27 
05:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007/07/27 03:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007/05/31 02:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial) DRV - [2006/11/02 12:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/09/24 14:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror) DRV - [2006/09/24 14:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto] -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2006/09/11 06:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006/09/11 06:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/09/11 06:45:26 | 000,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP) DRV - [2006/08/21 11:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2006/06/18 16:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006/04/28 11:27:48 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006/04/28 11:26:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand] -- 
C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2006/04/28 11:25:44 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2006/04/28 11:25:40 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2006/04/28 11:24:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2006/04/28 11:24:06 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2006/04/28 11:24:00 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2003/11/03 06:27:20 | 000,803,008 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmudau.sys -- (cmudau) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 17:09:02 | 000,000,000 | ---D | M] [2012/02/11 13:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009/03/18 12:32:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} O1 HOSTS File: ([2011/10/24 02:32:10 | 000,000,889 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 gs.apple.com O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Programme\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany) O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [Google Quick Search Box] C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) 
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [UltraMon] C:\Programme\UltraMon\UltraMon.exe (Realtime Soft) O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Value error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218584557140 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237727011984 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Programme\DIALux\DLXToolBox.dll (DIAL GmbH, Germany) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - 
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\programme\g data\internetsecurity\avkkid\avkcks.exe) - C:\Programme\G Data\InternetSecurity\AVKKid\AvkCKS.exe () O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/10 16:34:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/10/30 14:19:33 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/19 18:47:57 | 
002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012/02/19 17:58:54 | 000,000,000 | ---D | C] -- C:\_OTL [2012/02/19 15:44:22 | 002,805,464 | ---- | C] (Symantec Corporation) -- C:\NPE.exe [2012/02/17 17:12:01 | 000,000,000 | -HSD | C] -- C:\found.007 [2012/01/28 06:38:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Media Finder [2012/01/28 06:37:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/19 15:45:48 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\NPE.exe [2012/02/19 12:53:29 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A3B21E88-546F-49CF-8574-D0EB02486590}.job [2012/02/19 12:52:45 | 000,020,808 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/19 12:50:47 | 000,181,020 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/02/19 12:50:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/17 17:42:00 | 000,001,222 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2052111302-839522115-1004UA.job [2012/02/17 16:53:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/17 09:33:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2012/02/17 09:27:05 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI [2012/02/17 08:54:42 | 000,206,630 | ---- | M] () -- C:\cc_20120217_145411.reg [2012/02/16 18:42:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2052111302-839522115-1004Core.job [2012/02/16 06:00:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\OutBack_Plus_Update_Check.job [2012/02/15 21:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012/02/15 13:39:48 | 000,284,520 | ---- | M] () -- 
C:\WINDOWS\System32\FNTCACHE.DAT [2012/02/14 21:07:05 | 000,492,092 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012/02/14 21:07:05 | 000,447,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/02/14 21:07:05 | 000,097,232 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/02/14 21:07:05 | 000,073,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/02/14 21:02:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/02/12 04:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DivX Plus [2012/02/02 08:37:28 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012/02/02 07:01:48 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012/02/02 06:56:54 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012/02/02 06:54:18 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012/02/01 17:17:40 | 000,000,432 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2012/01/28 06:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Media Finder [2012/01/28 06:38:12 | 000,000,237 | ---- | M] () -- C:\user.js [2012/01/21 08:17:05 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/02/17 17:00:36 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/02/17 17:00:36 | 000,960,056 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/02/17 08:54:37 | 000,206,630 | ---- | C] () -- C:\cc_20120217_145411.reg [2012/02/14 19:15:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/14 19:15:08 | 000,003,072 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\iacenc.dll [2012/01/28 06:37:24 | 000,000,237 | ---- | C] () -- C:\user.js [2012/01/21 08:17:05 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk [2011/12/13 01:19:40 | 000,000,396 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini [2011/12/13 01:19:35 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll [2011/12/13 01:19:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\win32com.dll [2011/10/24 05:07:44 | 000,058,452 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/10/13 01:59:22 | 000,502,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011/10/05 13:26:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011/01/27 10:43:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontend.INI [2010/11/25 02:30:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2010/10/26 15:05:10 | 000,000,065 | ---- | C] () -- C:\WINDOWS\CMS-Mark-Win.INI [2010/06/24 15:50:38 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010/05/07 04:00:13 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\cute2mon2k.dll [2010/05/07 04:00:13 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstcp.exe [2009/12/11 03:48:16 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2009/12/11 03:48:16 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2009/12/11 03:48:16 | 000,000,889 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2009/11/04 16:50:20 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2009/11/04 16:49:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2009/11/04 16:49:03 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\brdfxspd.dat [2009/10/27 05:13:50 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Dialux.ini [2009/09/29 06:59:43 | 000,030,374 | ---- | C] () -- C:\WINDOWS\System32\jcsball.dat [2009/09/29 06:59:43 | 000,009,572 | ---- | C] () -- C:\WINDOWS\System32\jerror.dat [2009/09/28 16:58:24 | 001,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll [2009/09/28 16:58:22 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll [2009/09/28 16:58:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe [2009/07/05 13:31:42 | 000,016,098 | ---- | C] () -- C:\WINDOWS\German2.ini [2009/06/18 09:48:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CAI.INI [2009/03/26 11:46:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2009/03/26 11:46:23 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2009/02/23 02:43:30 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2008/11/11 09:50:18 | 000,010,593 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2008/09/19 18:34:04 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2008/08/24 17:23:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2008/08/24 17:22:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2008/08/24 17:22:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2008/08/12 21:22:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/08/10 20:09:19 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2008/08/10 18:55:41 | 000,000,861 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2008/08/10 18:55:41 | 000,000,432 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2008/08/10 18:55:41 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2008/08/10 18:55:41 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008/08/10 18:55:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2008/08/10 18:28:44 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/08/10 
18:09:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUSB2Uninstall.exe [2008/08/10 18:09:48 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.exe [2008/08/10 18:09:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll [2008/08/10 17:31:33 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/08/10 17:31:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008/08/10 16:51:13 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/08/10 16:47:06 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2008/08/10 16:35:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/08/10 16:31:47 | 000,022,924 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/08/10 07:01:22 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2008/08/09 19:11:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/08/09 19:08:17 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/05/26 15:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008/05/26 15:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008/05/26 15:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008/05/26 14:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008/05/26 14:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008/05/16 07:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/16 07:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/05/16 07:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/16 07:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/05/16 07:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/16 07:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/16 07:01:00 | 
000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/05/16 07:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/05/16 07:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/04/14 01:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006/12/31 00:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/17 07:03:41 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004608_.tmp.dll [2004/08/17 07:01:03 | 000,492,092 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004/08/17 07:01:03 | 000,447,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/17 07:01:01 | 000,097,232 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004/08/17 07:01:01 | 000,073,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/17 07:00:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/17 06:56:38 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004640_.tmp.dll [2003/02/20 10:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/12/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/12/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/12/31 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002/12/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/12/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/12/31 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002/12/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/12/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat ========== LOP Check ========== [2010/08/29 05:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\AJSystems [2012/01/28 06:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2011/10/05 01:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2010/06/24 15:50:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2009/10/27 17:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIALux [2010/10/19 19:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Drivers For Free [2008/08/26 00:04:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2010/01/14 05:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2010/10/30 14:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2008/08/29 02:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IrfanView [2010/02/20 04:51:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3 Remix [2011/12/13 01:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REINER SCT [2009/11/13 04:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RetroExp [2010/08/29 05:24:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010/10/19 19:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2011/10/05 02:12:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2E51849B-6C53-4B47-9E70-462912833018} [2011/05/14 18:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/01/11 08:25:49 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 12:14:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/02/16 06:00:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\OutBack_Plus_Update_Check.job
[2012/02/19 12:53:29 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A3B21E88-546F-49CF-8574-D0EB02486590}.job

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
@Alternate Data Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:711B5EDE

< End of report >
OTL Extras logfile created on: 2/19/2012 7:33:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298.08 Gb Total Space | 104.36 Gb Free Space | 35.01% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 37.11 Gb Free Space | 38.00% Space Free | Partition Type: NTFS
Drive E: | 111.80 Gb Total Space | 59.24 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
Drive F: | 963.70 Mb Total Space | 15.30 Mb Free Space | 1.59% Space Free | Partition Type: FAT
Drive G: | 30.34 Gb Total Space | 1.46 Gb Free Space | 4.83% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key 
error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) 
19.02.2012, 19:48 | #14
/// Malware-holic | Gema Trojan with XP - No Safe Mode possible

Try rebooting. If that does not work, press the reset button and take the CD out; it should work now. Then please continue with the upload.

__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
19.02.2012, 20:48 | #15
| Gema Trojan with XP - No Safe Mode possible

So, had a good meal and on we go. Ran the fix again; afterwards it asks for a reboot. Answered "Yes", and at the bottom in the progress display it also says "Processing complete", but no reboot happens. The program is still alive and allows changes to the settings. So (after waiting about 5 minutes) I go and trigger the restart manually via the hard "Reset" button. Windows boots up to the logon screen -> I log on with my standard login -> the desktop appears briefly and............. then the Gema screen comes up. I am about to explode here.

Another question or suggestion: I have a very recent boot CD from Norton with drivers updated today. Should I run that first?