Log analysis and evaluation: BKA-Virus..logfiles OTLPENet.exe (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.03.2012, 21:49 | #1
BKA-Virus..logfiles OTLPENet.exe
Hello, unfortunately I'm not much of a PC pro. I have attached the logfiles again, hoping that someone can help me. I need this fix log for OTLPENet.exe
04.03.2012, 22:07 | #2
/// Malwareteam | BKA-Virus..logfiles OTLPENet.exe
A clean-up can involve a lot of work on your part.
Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way. If you decide on a clean-up, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools with right-click "Run as administrator".
Step 1: Post both logs again directly here in the thread.
04.03.2012, 22:12 | #3
BKA-Virus..logfiles OTLPENet.exe
OTL: OTL Logfile:
Code:
ATTFilter OTL logfile created on: 3/4/2012 9:36:06 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 74.29 Mb Free Space | 74.29% Space Free | Partition Type: NTFS Drive D: | 466.26 Gb Total Space | 260.59 Gb Free Space | 55.89% Space Free | Partition Type: NTFS Drive E: | 465.16 Gb Total Space | 292.03 Gb Free Space | 62.78% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/03/30 13:21:08 | 001,038,088 | ---- | M] (Acresso Software Inc.) 
[On_Demand] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2009/10/30 08:01:08 | 000,036,168 | ---- | M] (TuneUp Software) [Auto] -- D:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/02/23 12:36:59 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/06/06 11:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- D:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS) SRV - [2011/02/05 15:54:44 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/01/07 12:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/04/12 14:57:57 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand] -- D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86) SRV - [2010/03/30 13:18:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/30 08:08:24 | 001,353,544 | ---- | M] (TuneUp Software) [Auto] -- D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2009/10/30 08:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- D:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/08/02 10:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/05/29 14:12:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS -- (SymNetS) DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- D:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\NISx64\1207000.00D\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | 
---- | M] (Symantec Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\NISx64\1207000.00D\symds64.sys -- (SymDS) DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/03/07 00:36:29 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/01/26 21:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\npf.sys -- (npf) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2005/03/28 19:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2012/02/28 02:01:24 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120227.018_67c\ex64.sys -- (NAVEX15) DRV - [2012/02/28 02:01:24 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | 
On_Demand] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120227.018_67c\eng64.sys -- (NAVENG) DRV - [2012/02/04 06:03:32 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/02/04 06:03:32 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/12/15 18:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120225.003\IDSviA64.sys -- (IDSVia64) DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/10/14 00:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- D:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2008/08/14 00:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- D:\Windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand] -- D:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Admin_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jens_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com Search Engine - Better Web Search IE - HKU\Jens_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\Jens_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Jens_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E DB F2 20 D7 BB CA 01 [binary data] IE - HKU\Jens_ON_D\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. 
File not found IE - HKU\Jens_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jens_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.5.2 FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Users\Jens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/30 14:06:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/30 14:06:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/10 14:51:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2 [2012/03/04 15:19:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 11:40:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/18 11:40:45 | 000,000,000 | ---D | M] [2010/03/04 15:28:54 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jens\AppData\Roaming\Mozilla\Extensions [2012/02/28 01:53:54 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\extensions [2010/04/09 17:07:31 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010/11/13 15:01:13 | 000,000,000 
| ---D | M] ("Ask Toolbar for Firefox") -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011/06/23 14:58:58 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\extensions\DTToolbar@toolbarnet.com [2010/10/30 09:45:28 | 000,000,000 | ---D | M] (vShare Plugin) -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\extensions\vshare@toolbar [2010/09/25 12:57:38 | 000,002,394 | ---- | M] () -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\searchplugins\askcom.xml [2010/04/10 06:12:58 | 000,000,873 | ---- | M] () -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\searchplugins\conduit.xml [2010/03/07 00:37:46 | 000,002,055 | ---- | M] () -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\searchplugins\daemon-search.xml [2011/05/29 14:45:47 | 000,002,449 | ---- | M] () -- D:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\4u2mxmzn.default\searchplugins\safesearch.xml [2011/08/16 03:05:37 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions [2011/11/05 02:04:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/12/30 14:06:02 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- D:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2010/12/30 14:06:02 | 000,000,000 | ---D | M] (DivX HiQ) -- D:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2012/03/04 15:19:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- D:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_5_2 [2012/02/10 14:51:41 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- 
D:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN [2010/03/27 06:31:50 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/03/27 06:31:50 | 000,002,344 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010/03/27 06:31:50 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010/03/27 06:31:50 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010/03/27 06:31:50 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - D:\Program Files (x86)\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - D:\Program Files (x86)\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) O3 - HKU\Jens_ON_D\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - D:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3:64bit: - HKU\Jens_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\Jens_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\Jens_ON_D\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation) O3 - HKU\Jens_ON_D\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - D:\Program Files (x86)\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [Eraser] D:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivX Download Manager] D:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKU\Jens_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\Jens_ON_D..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{405d82eb-29ac-11df-b7c8-90e6ba7ad9ec}\Shell - "" = AutoRun O33 - MountPoints2\{405d82eb-29ac-11df-b7c8-90e6ba7ad9ec}\Shell\AutoRun\command - "" = K:\install.exe Vietnam O33 - MountPoints2\{b779fbee-27c7-11df-a63c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b779fbee-27c7-11df-a63c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/29 02:14:57 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Local\Eraser 6 [2012/02/29 02:11:22 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Roaming\TuneUp Software [2012/02/29 02:09:50 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Roaming\Apple Computer [2012/02/29 02:09:47 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Roaming\Adobe [2012/02/29 02:09:33 | 000,000,000 | R--D | C] -- D:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/02/29 02:09:33 | 000,000,000 | R--D | C] -- D:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/02/29 02:09:33 | 000,000,000 | -H-D | C] -- D:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned [2012/02/29 02:09:24 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Roaming\Identities [2012/02/29 02:09:20 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Local\VirtualStore [2012/02/29 02:09:15 | 000,000,000 | R--D | C] -- D:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories [2012/02/29 02:09:15 | 000,000,000 | -HSD | C] -- D:\Users\Admin\AppData\Local\Verlauf [2012/02/29 02:09:15 | 000,000,000 | -HSD | C] -- D:\Users\Admin\AppData\Local\Temporary Internet Files [2012/02/29 02:09:15 | 000,000,000 | -HSD | C] -- D:\Users\Admin\Documents\Eigene Videos [2012/02/29 02:09:15 | 000,000,000 | -HSD | C] -- D:\Users\Admin\Documents\Eigene Musik [2012/02/29 02:09:15 | 000,000,000 | -HSD | C] -- D:\Users\Admin\Documents\Eigene Bilder [2012/02/29 02:09:15 | 000,000,000 | -HSD | C] -- D:\Users\Admin\AppData\Local\Anwendungsdaten [2012/02/29 02:09:15 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Local\Temp [2012/02/29 02:09:15 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Local\Microsoft [2012/02/29 02:09:15 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Roaming\Media Center Programs [2012/02/29 02:09:15 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\LocalLow [2012/02/29 02:09:15 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Local [2012/02/29 02:09:14 | 000,000,000 | --SD | C] -- D:\Users\Admin\AppData\Roaming\Microsoft [2012/02/29 02:09:14 | 000,000,000 | R--D | C] -- D:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/02/29 02:09:14 | 000,000,000 | ---D | C] -- D:\Users\Admin\AppData\Roaming [2012/02/28 16:54:46 | 000,000,000 | ---D | C] -- D:\$WINDOWS.~LS [2012/02/16 01:47:30 | 000,509,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntshrui.dll [2012/02/16 01:47:29 | 000,515,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\timedate.cpl [2012/02/16 01:47:29 | 000,478,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\timedate.cpl [2012/02/16 01:47:23 | 000,634,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvcrt.dll [2012/02/16 01:47:14 | 000,702,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll [2012/02/16 01:47:14 | 000,599,552 | ---- | C] (Microsoft Corporation) -- 
D:\Windows\SysWow64\msfeeds.dll [2012/02/16 01:47:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll [2012/02/16 01:47:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll [2012/02/16 01:47:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll [2012/02/16 01:47:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll [2012/02/16 01:47:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll [2012/02/16 01:47:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll [3 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] [1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/04 15:23:49 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/03/04 15:23:43 | 000,013,408 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/04 15:23:43 | 000,013,408 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/04 15:19:42 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/04 15:19:19 | 3220,529,152 | -HS- | M] () -- D:\hiberfil.sys [2012/02/28 17:17:09 | 608,881,904 | ---- | M] () -- D:\Windows\MEMORY.DMP [2012/02/28 17:01:20 | 000,002,544 | ---- | M] () -- D:\Windows\diagwrn.xml [2012/02/28 17:01:20 | 000,001,890 | ---- | M] () -- D:\Windows\diagerr.xml [2012/02/28 16:29:55 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/28 15:48:04 | 000,654,150 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2012/02/28 15:48:04 | 000,616,032 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012/02/28 15:48:04 | 000,130,022 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012/02/28 15:48:04 | 
000,106,412 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/02/28 12:38:00 | 000,006,604 | ---- | M] () -- D:\Users\Jens\Desktop\Windows-Kompatibilitätsbericht.htm
[2012/02/17 01:28:54 | 000,002,340 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/17 01:28:54 | 000,002,239 | ---- | M] () -- D:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 11:08:21 | 002,878,728 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/02/16 01:47:07 | 001,933,098 | ---- | M] () -- D:\Windows\System32\drivers\NISx64\1207000.00D\Cat.DB
[2012/02/11 17:39:10 | 003,235,048 | ---- | M] () -- D:\Users\Jens\Desktop\Shirley Bassey - Light My Fire.mp3
[2012/02/11 17:37:52 | 004,946,841 | ---- | M] () -- D:\Users\Jens\Desktop\Minnie Riperton - Capitol Gold_ The Best Of Minnie Riperton - 17 - Light My Fire.mp3
[2012/02/11 17:29:04 | 002,838,656 | ---- | M] () -- D:\Users\Jens\Desktop\16-16 _ 16.mp3
[2012/02/11 17:28:23 | 003,463,296 | ---- | M] () -- D:\Users\Jens\Desktop\12-12 _ 12.mp3
[2012/02/11 17:28:09 | 004,014,208 | ---- | M] () -- D:\Users\Jens\Desktop\13-13 _ 13.mp3
[2012/02/11 17:22:45 | 000,981,120 | ---- | M] () -- D:\Users\Jens\Desktop\01-1 _ 1.mp3
[2012/02/11 17:22:29 | 002,730,112 | ---- | M] () -- D:\Users\Jens\Desktop\02-2 _ 2.mp3
[2012/02/11 17:16:48 | 003,897,344 | ---- | M] () -- D:\Users\Jens\Desktop\10-mighty_mi_is_clickums-cms.mp3
[2012/02/10 16:17:32 | 000,280,736 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.xtr
[2012/02/10 16:17:32 | 000,280,736 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/02/10 16:15:59 | 000,215,128 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/10 12:18:55 | 000,002,489 | ---- | M] () -- D:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/10 12:18:55 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[3 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/29 02:09:38 | 000,001,405 | ---- | C] () -- D:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/02/29 02:09:34 | 000,001,439 | ---- | C] () -- D:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/29 02:09:15 | 000,002,239 | ---- | C] () -- D:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/29 02:09:15 | 000,000,290 | ---- | C] () -- D:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/29 02:09:15 | 000,000,272 | ---- | C] () -- D:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/28 12:38:00 | 000,006,604 | ---- | C] () -- D:\Users\Jens\Desktop\Windows-Kompatibilitätsbericht.htm
[2012/02/28 12:33:55 | 000,002,544 | ---- | C] () -- D:\Windows\diagwrn.xml
[2012/02/28 12:33:55 | 000,001,890 | ---- | C] () -- D:\Windows\diagerr.xml
[2012/02/11 17:37:00 | 003,235,048 | ---- | C] () -- D:\Users\Jens\Desktop\Shirley Bassey - Light My Fire.mp3
[2012/02/11 17:35:38 | 004,946,841 | ---- | C] () -- D:\Users\Jens\Desktop\Minnie Riperton - Capitol Gold_ The Best Of Minnie Riperton - 17 - Light My Fire.mp3
[2012/02/11 17:28:14 | 002,838,656 | ---- | C] () -- D:\Users\Jens\Desktop\16-16 _ 16.mp3
[2012/02/11 17:26:21 | 004,014,208 | ---- | C] () -- D:\Users\Jens\Desktop\13-13 _ 13.mp3
[2012/02/11 17:26:17 | 003,463,296 | ---- | C] () -- D:\Users\Jens\Desktop\12-12 _ 12.mp3
[2012/02/11 17:22:24 | 000,981,120 | ---- | C] () -- D:\Users\Jens\Desktop\01-1 _ 1.mp3
[2012/02/11 17:21:38 | 002,730,112 | ---- | C] () -- D:\Users\Jens\Desktop\02-2 _ 2.mp3
[2012/02/11 17:15:49 | 003,897,344 | ---- | C] () -- D:\Users\Jens\Desktop\10-mighty_mi_is_clickums-cms.mp3
[2011/09/27 11:50:31 | 000,444,283 | ---- | C] () -- D:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/06/09 11:28:51 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/09 11:55:28 | 000,179,261 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/02/05 13:22:38 | 000,280,736 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/02/05 13:22:33 | 002,434,856 | ---- | C] () -- D:\Windows\SysWow64\pbsvc_bc2.exe
[2011/02/05 13:22:33 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2010/10/09 18:22:25 | 000,000,004 | ---- | C] () -- D:\Users\Jens\AppData\Roaming\avdrn.dat
[2010/03/14 08:42:42 | 006,500,352 | ---- | C] () -- D:\Windows\SysWow64\PSP VintageWarmer2.dll
[2010/03/14 08:42:42 | 006,496,256 | ---- | C] () -- D:\Windows\SysWow64\PSP VintageWarmer.dll
[2010/03/04 15:32:05 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- D:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/03/04 14:56:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/03/07 00:36:06 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2010/03/07 00:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Pro
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/03/04 14:56:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/08/16 03:04:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Easybits GO
[2010/03/04 14:56:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/06/27 12:49:02 | 000,000,000 | ---D | M] -- D:\ProgramData\G DATA
[2011/03/25 18:02:30 | 000,000,000 | ---D | M] -- D:\ProgramData\LAG
[2011/05/29 14:08:17 | 000,000,000 | ---D | M] -- D:\ProgramData\PCSettings
[2010/03/07 01:16:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Propellerhead Software
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/03/04 14:56:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/03/07 03:21:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Steinberg
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/04/12 14:57:43 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2010/03/04 14:56:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2010/03/14 08:31:46 | 000,000,000 | ---D | M] -- D:\ProgramData\VST3 Presets
[2010/03/04 15:51:14 | 000,000,000 | ---D | M] -- D:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2011/01/29 18:40:28 | 000,000,000 | -H-D | M] -- D:\ProgramData\{7D55A338-9946-4B03-9D84-8FD1472DA229}
[2010/07/24 05:59:48 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/12 14:57:20 | 000,000,000 | -HSD | M] -- D:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/01/30 01:45:58 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 3/4/2012 9:36:06 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.29 Mb Free Space | 74.29% Space Free | Partition Type: NTFS
Drive D: | 466.26 Gb Total Space | 260.59 Gb Free Space | 55.89% Space Free | Partition Type: NTFS
Drive E: | 465.16 Gb Total Space | 292.03 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- D:\Windows\System32\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE041ADD-66F3-4B85-A0E2-9E85D0DCBB31}" = Eraser 6.0.6.1376
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE041ADD-66F3-4B85-A0E2-9E85D0DCBB31}" = Eraser 6.0.6.1376
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Jens_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.2
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"UnityWebPlayer" = Unity Web Player

< End of report > |
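The OTL records posted above all share one shape: `[date time | size | attrs | M or C] (Company) -- path`, with an empty `()` where OTL found no company name, plus registry dumps of the form `[HKEY_...]` / `"Name" = value` and shell-spawning lines of the form `class [verb] -- command`. The helpers on this board read those sections by eye; the script below is an added example (not OTL's code and not part of the thread) that parses the three shapes and applies the first-pass checks a helper would make: recently touched no-company binaries under \Windows\, firewall profiles that are switched off, and executable-class shell commands that no longer start with the stock `"%1" %*`. The sample lines are constructed from the log above; the disabled PublicProfile and the hijacked batfile entry are deliberately invented test input and are NOT in this thread's log. The 30-day window, the extension list and the scan timestamp are assumptions.

```python
"""Triage helpers for OTL logs in the shape posted in this thread.

Added example: not OTL's own code, not from the thread.  Sample inputs
are constructed (two entries deliberately show the failure case and do
NOT appear in the thread's log); the 30-day window, the extension list
and SCAN_TIME are assumptions.
"""
import re
from datetime import datetime, timedelta

# [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (Company) -- path
# Directory entries have no "(Company)" field and are skipped on purpose.
RECORD = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
SPAWN = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")

BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")          # assumption
EXEC_CLASSES = ("exefile", "batfile", "cmdfile", "comfile", "piffile")


def parse_records(text):
    """Return one dict per OTL file record found in text."""
    recs = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))
            recs.append(d)
    return recs


def suspicious_binaries(recs, scan_time, max_age_days=30):
    """Binaries under \\Windows\\ with no company name, touched inside the
    window.  A review list, not a verdict: PunkBuster's PnkBstrB.exe is a
    legitimate file that lands here because it carries no company name."""
    cutoff = scan_time - timedelta(days=max_age_days)
    return sorted(
        r["path"] for r in recs
        if r["path"].lower().endswith(BINARY_EXT)
        and "\\windows\\" in r["path"].lower()
        and r["company"] == ""
        and r["ts"] >= cutoff
    )


def registry_values(text):
    """Map (key, value name) -> value string for an OTL Extras dump."""
    vals, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = REG_KEY.match(line)
        if k:
            key = k.group(1)
            continue
        v = REG_VAL.match(line)
        if v and key:
            vals[(key, v.group("name"))] = v.group("value")
    return vals


def firewall_off_profiles(vals):
    """Names of FirewallPolicy profiles whose EnableFirewall is not 1."""
    return sorted(
        key.rsplit("\\", 1)[1]
        for (key, name), value in vals.items()
        if "FirewallPolicy" in key and name == "EnableFirewall" and value != "1"
    )


def hijacked_spawns(text):
    """(class, command) for executable classes whose [open] command does not
    start with the stock '"%1" %*'.  OTL appends the signer or 'File not
    found' after the command, so only the start of the command is compared."""
    hits = []
    for line in text.splitlines():
        m = SPAWN.match(line.strip())
        if (m and m.group("verb") == "open" and m.group("cls") in EXEC_CLASSES
                and not m.group("cmd").startswith('"%1" %*')):
            hits.append((m.group("cls"), m.group("cmd")))
    return hits


# Constructed sample input (first four lines copied from the log above).
SAMPLE_FILES = r"""
[2012/02/28 12:33:55 | 000,002,544 | ---- | C] () -- D:\Windows\diagwrn.xml
[2012/02/10 16:17:32 | 000,280,736 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/06/09 11:28:51 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2012/02/11 17:37:00 | 003,235,048 | ---- | C] () -- D:\Users\Jens\Desktop\Shirley Bassey - Light My Fire.mp3
"""
# PublicProfile=0 and the batfile line are invented failure cases, NOT from the thread.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
exefile [open] -- "%1" %* File not found
scrfile [open] -- "%1" /S
batfile [open] -- "D:\ProgramData\example_hijack.exe" "%1" %*
"""
SCAN_TIME = datetime(2012, 3, 4, 21, 36, 6)   # taken from the log header

if __name__ == "__main__":
    print("review:", suspicious_binaries(parse_records(SAMPLE_FILES), SCAN_TIME))
    print("firewall off:", firewall_off_profiles(registry_values(SAMPLE_EXTRAS)))
    print("hijacked:", hijacked_spawns(SAMPLE_EXTRAS))
```

Run against the real log posted above, the firewall and shell-spawning checks come back empty (all three profiles have `EnableFirewall = 1`, and every executable class still spawns with `"%1" %*`), and the only recently modified no-company binary under \Windows\ is PnkBstrB.exe, which is why the helper's fix.txt, not this heuristic, is what decides what gets removed.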
04.03.2012, 22:25 | #4 |
/// Malwareteam | BKA-Virus..logfiles OTLPENet.exe Step 1 Fix with OTLpe
Step 2 Please download Malwarebytes
|
04.03.2012, 23:02 | #5 |
| BKA-Virus..logfiles OTLPENet.exe Thanks for your quick help... but unfortunately I keep getting a blue screen. I did everything with the fix.txt. Then Malwarebytes, but in the middle of the scan the computer crashes..... I had even tried it before with a different "clean" hard drive and reinstalled Windows, and still got a blue screen..... it all started after I got that BKA screen. |
05.03.2012, 12:50 | #6 |
/// Malwareteam | BKA-Virus..logfiles OTLPENet.exe Step 1 Start the system in Safe Mode: http://www.trojaner-board.de/63335-w...s-starten.html Step 2
Step 3
|
05.03.2012, 18:36 | #7 | |
| BKA-Virus..logfiles OTLPENet.exe Hello swiss, I've managed to get the scan done now. Here is the result: Quote:
|
05.03.2012, 18:45 | #8 |
| BKA-Virus..logfiles OTLPENet.exe The computer has just crashed again. Could it be that the hardware has been damaged? Before startup I now suddenly always see a screen from the Asus board, that wasn't the case before...... and just now it crashed before Windows had even started. |
06.03.2012, 19:23 | #9 |
/// Malwareteam | BKA-Virus..logfiles OTLPENet.exe That may well be. How old is the system? And what does the bluescreen say? |
09.03.2012, 18:59 | #10 |
| BKA-Virus..logfiles OTLPENet.exe Hi swiss, the system isn't that old at all... about 1 1/2 years. The bluescreen says: "A problem has been detected and Windows has been shut down to prevent damage to your computer. A process or thread crucial to system operation has unexpectedly exited or been terminated. If this is the first time.... Check to make sure any new hardware or software is properly installed.... Technical information: *** STOP: 0x000000F4 (0x000000000000000003, 0xFFFFFA8003A07060, 0xFFFFFA8003A07340, 0xFFFFF8000278B240) |