|
Log analysis and evaluation: Payment-demand trojan, help!!!! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
11.03.2012, 16:14 | #1 |
| Payment-demand trojan, help!!!! Hello dear forum, today I apparently also caught this virus, which locks my Windows with this window demanding payment. Many thanks in advance for the help. I hope you can tell me what I have to do. Thank you. Here is the OTL.txt. OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.03.2012 16:16:00 - Run 1 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Dokumente und Einstellungen\Kerim.Z\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 81,05% Memory free 3,33 Gb Paging File | 3,14 Gb Available in Paging File | 94,33% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 82,82 Gb Total Space | 10,68 Gb Free Space | 12,90% Space Free | Partition Type: NTFS Drive D: | 61,29 Gb Total Space | 60,39 Gb Free Space | 98,53% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.11 16:05:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\OTL.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2009.02.27 15:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (AppMgmt) SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.09.04 22:20:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.09.04 22:20:35 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.09.04 22:20:32 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.09.04 22:20:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.10 13:25:18 | 000,016,152 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Freedom Scientific\JAWS\12.0\JTVNCProxy.exe -- (JTVNCProxy_12.0) SRV - [2011.01.27 00:34:05 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.11.19 15:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.11.19 15:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.05.14 21:14:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.04.27 12:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.06.09 11:41:00 | 004,261,144 | ---- | M] (Freedom Scientific BLV Group, LLC) [Auto | Stopped] -- C:\Programme\Freedom Scientific\JAWS\10.0\jfw.exe -- (JFWService) SRV - [2009.06.09 11:28:00 | 000,016,152 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Freedom Scientific\JAWS\10.0\JTVNCProxy.exe -- (JTVNCProxy_10.0) SRV - [2009.05.19 17:29:58 | 000,107,744 | ---- | M] (SRS Labs, Inc.) [Auto | Stopped] -- C:\Programme\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License) SRV - [2007.05.29 22:07:58 | 000,598,960 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\lxdecoms.exe -- (lxde_device) SRV - [2007.05.29 22:06:43 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe -- (lxdeCATSCustConnectService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Auto | Stopped] -- -- (uacFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] 
-- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (aksusb) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (akshasp) DRV - [2011.09.04 22:20:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.09.04 22:20:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.10 13:30:26 | 000,014,880 | ---- | M] (Freedom Scientific BLV Group, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\powerbrl.sys -- (PowerBrl) DRV - [2010.04.06 09:45:50 | 000,323,328 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2010.03.19 23:36:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009.07.06 09:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009.05.18 09:27:10 | 000,233,512 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009.05.12 16:18:54 | 005,080,064 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.15 12:03:42 | 000,090,112 | ---- | M] (Chingachguk & Denger2k (Elite & SP edition)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\multikey.sys -- (multikey) DRV - [2009.03.27 15:43:42 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009.03.02 06:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2008.12.30 09:53:54 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008.12.30 09:53:54 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2008.12.30 09:53:54 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.12.30 09:53:54 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2008.12.30 09:53:52 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.12.30 09:53:52 | 000,037,160 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2008.12.30 09:53:50 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.11.19 02:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.04.08 14:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2008.03.17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX) DRV - [2008.02.25 10:59:02 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.02.07 16:57:20 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2006.01.04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2005.06.09 12:34:12 | 000,015,648 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\sentkey.sys -- (Sentinel) DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 17 58 6E AA E4 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {C0531841-7290-41DD-8A37-C47A12B4BBB3} IE - HKCU\..\SearchScopes\{908EC305-75A9-407D-AA35-AB014527CA29}: "URL" = hxxp://www.bing.com/search?FORM=ASUBDF&PC=MAAU&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2354287 IE - HKCU\..\SearchScopes\{C0531841-7290-41DD-8A37-C47A12B4BBB3}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7RNTN_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search..." 
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () [2010.08.25 20:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Extensions [2011.08.21 18:23:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\oeom7n5s.default\extensions [2010.08.25 20:42:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\oeom7n5s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.23 17:28:22 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\oeom7n5s.default\extensions\plugin@yontoo.com [2011.04.29 19:49:08 | 000,000,000 | ---D | M] (vShare) -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\oeom7n5s.default\extensions\vshare@toolbar [2010.12.22 16:23:04 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\oeom7n5s.default\searchplugins\conduit.xml [2010.09.19 14:42:36 | 000,002,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\oeom7n5s.default\searchplugins\search-defender.xml [2011.05.01 20:08:39 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Mozilla\Firefox\Profiles\oeom7n5s.default\searchplugins\web-search.xml [2010.08.07 00:32:23 | 
000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1C749E08-6B62-11E0-B6DA-075F4824019B} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.) 
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FaxCenterServer] C:\Programme\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [lxdeamon] C:\Programme\Lexmark 4800 Series\lxdeamon.exe () O4 - HKLM..\Run: [lxdemon.exe] C:\Programme\Lexmark 4800 Series\lxdemon.exe () O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [SkypeM] C:\Dokumente und Einstellungen\Kerim.Z\Lokale Einstellungen\Anwendungsdaten\Skype\Skype.exe (Iron Mountain Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Kerim.Z\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 145 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data] O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems 
Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7B405F6-871F-4504-A528-B4A3BFDCED63}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek) O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.04 11:10:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{34567b7f-06a9-11e0-b68f-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{34567b7f-06a9-11e0-b68f-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{34567b7f-06a9-11e0-b68f-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9aaaa31a-20a1-11e0-b6cf-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{9aaaa31a-20a1-11e0-b6cf-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9aaaa31a-20a1-11e0-b6cf-0025d3a3ccbc}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{af22d3ac-188c-11df-b425-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{af22d3ac-188c-11df-b425-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{af22d3ac-188c-11df-b425-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{b43735a8-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735a8-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735a8-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b43735a9-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735a9-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735a9-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b43735ac-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735ac-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735ac-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{b43735ad-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735ad-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{b43735ad-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b43735ae-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun
O33 - MountPoints2\{b43735ae-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b43735ae-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b43735af-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun
O33 - MountPoints2\{b43735af-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b43735af-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8835a74-00f9-11df-b3ed-be21e63e3a02}\Shell - "" = AutoRun
O33 - MountPoints2\{c8835a74-00f9-11df-b3ed-be21e63e3a02}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c8835a74-00f9-11df-b3ed-be21e63e3a02}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.11 16:05:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\OTL.exe
[2012.03.10 18:59:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.03.10 18:58:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.03.10 18:57:54 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.03.10 18:52:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Apple Computer
[2012.02.23 17:39:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012.02.22 20:30:47 | 000,000,000 | ---D | C] -- C:\Lexmark ToolBar
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.11 16:05:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\OTL.exe
[2012.03.11 15:54:19 | 000,455,386 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.03.11 15:54:19 | 000,438,040 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.11 15:54:19 | 000,083,336 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.03.11 15:54:19 | 000,070,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.11 15:50:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.11 15:30:27 | 002,000,000 | ---- | M] () -- C:\WINDOWS\System32\HJSMEM.DAT
[2012.03.11 12:59:47 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55F42137-AA7D-4D7F-8C9A-333CA313AA48}.job
[2012.03.10 18:59:28 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.03.10 18:47:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.10 14:57:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.09 10:42:57 | 000,009,069 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\lxde
[2012.02.26 12:42:48 | 000,001,044 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.02.26 12:42:47 | 000,001,044 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\Dropbox.lnk
[2012.02.23 23:56:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.02.21 15:43:40 | 001,453,470 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\teilnahme2 Marfamtag2.PDF
[2012.02.21 15:38:42 | 001,094,857 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Teilnahme1 Marfantag 2012.PDF
[2012.02.21 14:27:37 | 000,602,174 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Rückseite.PDF
[2012.02.21 13:35:59 | 000,587,958 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Forderseite.PDF
[2012.02.17 14:45:04 | 000,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.17 01:04:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.13 20:21:36 | 000,000,723 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\Internet Explorer.lnk
[2012.02.13 20:12:40 | 000,001,590 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\QuickTime Player.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.10 18:59:28 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.02.21 15:44:07 | 001,453,470 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\teilnahme2 Marfamtag2.PDF
[2012.02.21 15:39:30 | 001,094,857 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Teilnahme1 Marfantag 2012.PDF
[2012.02.21 14:28:12 | 000,602,174 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Rückseite.PDF
[2012.02.21 13:36:37 | 000,587,958 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Forderseite.PDF
[2012.02.16 13:13:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.16 13:13:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.13 20:16:37 | 000,000,723 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\Internet Explorer.lnk
[2012.02.13 20:12:40 | 000,001,590 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\QuickTime Player.lnk
[2011.12.23 18:11:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.27 20:21:59 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxderwrd.ini
[2011.10.27 20:21:55 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehcp.dll
[2011.10.27 20:21:55 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdeinst.dll
[2011.10.27 20:15:03 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\lxdecoin.dll
[2011.10.22 21:59:34 | 000,047,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.09.28 18:40:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2011.09.28 18:40:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2011.09.28 18:40:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2011.07.19 13:26:02 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011.07.19 13:26:02 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2011.07.17 12:46:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011.07.17 12:45:56 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.06.23 10:50:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011.06.23 10:44:46 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011.06.23 10:44:43 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011.06.23 10:44:43 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011.06.23 10:44:43 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011.06.23 10:44:43 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010.10.11 21:53:10 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\$_hpcst$.hpc
[2010.08.25 20:09:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.08.06 16:04:16 | 000,264,192 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.07.25 12:09:51 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010.07.11 19:10:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.04.27 22:41:55 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.03.19 23:25:23 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== LOP Check ==========

[2011.03.12 22:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM
[2011.08.13 13:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Baum Retec
[2011.01.21 01:16:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2010.03.19 23:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.07.15 14:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freedom Scientific
[2010.06.09 17:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011.12.04 01:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iRinger
[2010.06.09 17:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.06.07 16:17:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.06.23 17:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2010.09.25 22:53:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.09.22 19:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.03.17 14:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.12.06 12:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSign
[2011.11.30 13:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.22 19:38:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.03.17 18:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\acccore
[2009.06.04 19:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\ASUS
[2011.08.13 13:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\BAUM Retec
[2010.03.19 23:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\DAEMON Tools Lite
[2012.03.11 15:32:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Dropbox
[2010.09.02 15:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\EeeStorageUploader
[2010.01.13 03:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Freedom Scientific
[2012.02.07 16:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\GetRightToGo
[2010.09.14 13:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\GHISLER
[2010.08.10 18:14:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\gtk-2.0
[2011.10.15 15:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\JAWS Scripts For Skype
[2011.12.09 11:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Lexmark Productivity Studio
[2010.12.26 22:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Miranda
[2010.06.07 16:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Nokia
[2011.07.09 12:57:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\PC Suite
[2011.07.15 12:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Publish Providers
[2011.07.15 12:35:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Sony
[2010.08.07 14:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\TeamViewer
[2010.09.22 19:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\TuneUp Software
[2011.04.29 19:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\vShare
[2012.03.11 12:59:47 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55F42137-AA7D-4D7F-8C9A-333CA313AA48}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84

< End of report > |
11.03.2012, 16:32 | #2 |
| Payment-demand Trojan help!!!! Here is the OTL.txt
OTL Logfile:
Code:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7B405F6-871F-4504-A528-B4A3BFDCED63}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek) O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.04 11:10:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{34567b7f-06a9-11e0-b68f-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{34567b7f-06a9-11e0-b68f-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{34567b7f-06a9-11e0-b68f-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9aaaa31a-20a1-11e0-b6cf-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{9aaaa31a-20a1-11e0-b6cf-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9aaaa31a-20a1-11e0-b6cf-0025d3a3ccbc}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{af22d3ac-188c-11df-b425-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{af22d3ac-188c-11df-b425-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{af22d3ac-188c-11df-b425-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{b43735a8-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735a8-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735a8-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b43735a9-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735a9-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735a9-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b43735ac-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735ac-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735ac-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{b43735ad-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735ad-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{b43735ad-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b43735ae-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735ae-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735ae-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b43735af-2f74-11e0-b6ff-0025d3a3ccbc}\Shell - "" = AutoRun O33 - MountPoints2\{b43735af-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b43735af-2f74-11e0-b6ff-0025d3a3ccbc}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c8835a74-00f9-11df-b3ed-be21e63e3a02}\Shell - "" = AutoRun O33 - MountPoints2\{c8835a74-00f9-11df-b3ed-be21e63e3a02}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c8835a74-00f9-11df-b3ed-be21e63e3a02}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.11 16:05:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\OTL.exe [2012.03.10 18:59:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012.03.10 18:58:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012.03.10 18:57:54 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2012.03.10 18:52:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Apple Computer [2012.02.23 17:39:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2012.02.22 20:30:47 | 000,000,000 | ---D 
| C] -- C:\Lexmark ToolBar [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.11 16:05:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\OTL.exe [2012.03.11 15:54:19 | 000,455,386 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.03.11 15:54:19 | 000,438,040 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.03.11 15:54:19 | 000,083,336 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.03.11 15:54:19 | 000,070,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.03.11 15:50:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.11 15:30:27 | 002,000,000 | ---- | M] () -- C:\WINDOWS\System32\HJSMEM.DAT [2012.03.11 12:59:47 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55F42137-AA7D-4D7F-8C9A-333CA313AA48}.job [2012.03.10 18:59:28 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.03.10 18:47:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.03.10 14:57:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.09 10:42:57 | 000,009,069 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\lxde [2012.02.26 12:42:48 | 000,001,044 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Startmenü\Programme\Autostart\Dropbox.lnk [2012.02.26 12:42:47 | 000,001,044 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\Dropbox.lnk [2012.02.23 23:56:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.02.21 15:43:40 | 001,453,470 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\teilnahme2 Marfamtag2.PDF [2012.02.21 15:38:42 | 001,094,857 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Kerim.Z\Eigene Dateien\Teilnahme1 Marfantag 2012.PDF [2012.02.21 14:27:37 | 000,602,174 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Rückseite.PDF [2012.02.21 13:35:59 | 000,587,958 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Forderseite.PDF [2012.02.17 14:45:04 | 000,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.17 01:04:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.02.13 20:21:36 | 000,000,723 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\Internet Explorer.lnk [2012.02.13 20:12:40 | 000,001,590 | ---- | M] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\QuickTime Player.lnk [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.10 18:59:28 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.02.21 15:44:07 | 001,453,470 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\teilnahme2 Marfamtag2.PDF [2012.02.21 15:39:30 | 001,094,857 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Teilnahme1 Marfantag 2012.PDF [2012.02.21 14:28:12 | 000,602,174 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Rückseite.PDF [2012.02.21 13:36:37 | 000,587,958 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Eigene Dateien\Personalausweiß Forderseite.PDF [2012.02.16 13:13:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.16 13:13:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.02.13 20:16:37 | 000,000,723 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Desktop\Internet Explorer.lnk [2012.02.13 20:12:40 | 000,001,590 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Kerim.Z\Desktop\QuickTime Player.lnk [2011.12.23 18:11:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.10.27 20:21:59 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxderwrd.ini [2011.10.27 20:21:55 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdehcp.dll [2011.10.27 20:21:55 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdeinst.dll [2011.10.27 20:15:03 | 000,348,160 | R--- | C] () -- C:\WINDOWS\System32\lxdecoin.dll [2011.10.22 21:59:34 | 000,047,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.09.28 18:40:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL [2011.09.28 18:40:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll [2011.09.28 18:40:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL [2011.07.19 13:26:02 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2011.07.19 13:26:02 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2011.07.17 12:46:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2011.07.17 12:45:56 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2011.06.23 10:50:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat [2011.06.23 10:44:46 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Crypkey.ini [2011.06.23 10:44:43 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe [2011.06.23 10:44:43 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys [2011.06.23 10:44:43 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll [2011.06.23 10:44:43 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe [2010.10.11 21:53:10 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\$_hpcst$.hpc [2010.08.25 20:09:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.08.06 16:04:16 | 000,264,192 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale 
Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.07.25 12:09:51 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys [2010.07.11 19:10:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.04.27 22:41:55 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.03.19 23:25:23 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI ========== LOP Check ========== [2011.03.12 22:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AIM [2011.08.13 13:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Baum Retec [2011.01.21 01:16:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2010.03.19 23:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.07.15 14:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freedom Scientific [2010.06.09 17:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2011.12.04 01:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iRinger [2010.06.09 17:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.06.07 16:17:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.06.23 17:28:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2010.09.25 22:53:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.09.22 19:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.03.17 14:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2010.12.06 12:08:18 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XSign [2011.11.30 13:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.09.22 19:38:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2011.03.17 18:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\acccore [2009.06.04 19:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\ASUS [2011.08.13 13:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\BAUM Retec [2010.03.19 23:43:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\DAEMON Tools Lite [2012.03.11 15:32:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Dropbox [2010.09.02 15:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\EeeStorageUploader [2010.01.13 03:27:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Freedom Scientific [2012.02.07 16:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\GetRightToGo [2010.09.14 13:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\GHISLER [2010.08.10 18:14:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\gtk-2.0 [2011.10.15 15:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\JAWS Scripts For Skype [2011.12.09 11:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Lexmark Productivity Studio [2010.12.26 22:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Miranda [2010.06.07 16:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Kerim.Z\Anwendungsdaten\Nokia [2011.07.09 12:57:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\PC Suite [2011.07.15 12:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Publish Providers [2011.07.15 12:35:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Sony [2010.08.07 14:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\TeamViewer [2010.09.22 19:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\TuneUp Software [2011.04.29 19:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\vShare [2012.03.11 12:59:47 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55F42137-AA7D-4D7F-8C9A-333CA313AA48}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 161 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 @Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84 < End of report > |
11.03.2012, 16:36 | #3 |
| Payment-demand trojan, help!!!! OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 11.03.2012 16:30:29 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Dokumente und Einstellungen\Kerim.Z\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,79% Memory free
3,33 Gb Paging File | 3,15 Gb Available in Paging File | 94,47% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,82 Gb Total Space | 10,68 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 60,39 Gb Free Space | 98,53% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLED.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1542:TCP" = 1542:TCP:*:Enabled:WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:AP UDP Prot ========== Authorized Applications List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Kerim.Z\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\Lexmark 4800 Series\frun.exe" = C:\Programme\Lexmark 4800 Series\frun.exe:*:Enabled:Printing Application -- () "C:\Programme\Freedom Scientific\Activator\1.1\FSACTIVATE.EXE" = C:\Programme\Freedom Scientific\Activator\1.1\FSACTIVATE.EXE:*:Enabled:Client Activator -- (Rainbow Technologies, Inc.) "C:\Programme\Lexmark 4800 Series\Wireless\lxdewpss.exe" = C:\Programme\Lexmark 4800 Series\Wireless\lxdewpss.exe:*:Enabled: -- () "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater -- (Nokia Corporation) "C:\Programme\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe" = C:\Programme\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe:*:Enabled:WPS UI -- (Realtek Semiconductor Corp.) 
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdewbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdewbgw.exe:*:Enabled:Lexmark Web Gateway -- () "C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\lxdecoms.exe" = C:\WINDOWS\system32\lxdecoms.exe:*:Enabled:Printer Communication System -- ( ) "C:\Programme\Lexmark 4800 Series\lxdemon.exe" = C:\Programme\Lexmark 4800 Series\lxdemon.exe:*:Enabled:Printer Device Monitor -- () "C:\WINDOWS\system32\lxdecfg.exe" = C:\WINDOWS\system32\lxdecfg.exe:*:Enabled:Printer Communication System -- ( ) "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe:*:Enabled:Printer Status Window Interface -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe:*:Enabled:Job Status Window Interface -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{032794BC-0060-4B93-8B4E-7DE6D84610F7}" = Freedom Scientific Video Intercept
"{06DE3C79-0F87-4ABD-BDC5-C11DC7BD795C}" = Freedom Scientific Sprechende Installation 12.0
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1B8E64C9-7605-44E5-BAB8-247661C5D1C4}" = Freedom Scientific Braille
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F19423A-6072-44BC-8E03-3C645ED2301F}" = Freedom Scientific Utilities
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2DE9A2AC-4FF3-4687-ABF3-6F423A4D7BED}" = Freedom Scientific FSReader 2.0
"{2FD70F8A-9C87-4438-9F6F-22246EEBC4CF}" = Freedom Scientific Sprechende Installation 10.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{470BE3C3-C506-41C7-900B-9D4BEEDF002A}" = Freedom Scientific Document Server
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}" = Sony Sound Forge 7.0
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{61E9E4F1-76A3-4493-B467-58D6C55C8E18}" = Freedom Scientific Document Server
"{66648BF3-5B50-4782-9D63-ACF4A5554063}" = Freedom Scientific Document Server
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B5D5E8-9673-41B2-9168-2E4E0782DC57}" = Freedom Scientific JAWS 10.0
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BE5F2AE-7EF2-4DF1-B29E-2A0298ADA019}" = Freedom Scientific Sprechende Installation 11.0
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{967C1374-BCB3-42AA-AE08-A5C56A956ACE}" = Freedom Scientific Braille
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17230EA-C976-40D2-A27E-13B14EB8EF57}" = SRS Premium Sound
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B593190B-F384-4DC3-BD20-E53931699250}" = XSign
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C0B829-85E8-45AA-B426-A0811AAFF1E2}" = Freedom Scientific JAWS 12.0
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0DE168D-39C0-4378-BD45-C7D150DC5D0E}" = Easy Mode
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4DA19E5-A560-4313-8623-3493DCE3C681}" = Freedom Scientific Synthesizer Eloquence
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"2BEB1D72D273FA04AF79FA3C4E0B1BD7C0B1F627" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5513-1208-7298-9440" = JDownloader 0.9
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ADUSB Treiber Pre-Installation_is1" = ADUSB Treiber Pre-Installation 1.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CFB93035BA5D9AEFE8B947832E4FB4996B507C7C" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"dlanconftiny" = HomePlug-Konfigurationsassistent
"Eee Docking_is1" = Eee Docking 1.3.4.0
"EeePC_1101HA" = EeePC_1101HA Screen Saver
"FSVI" = Freedom Scientific Video Intercept
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"JAWS10.0" = Freedom Scientific JAWS 10.0
"JAWS12.0" = Freedom Scientific JAWS 12.0
"LPCO" = Intel(R) Graphics Media Accelerator 500
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"TuneUp Utilities" = TuneUp Utilities
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"vShare" = vShare Plugin
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.03.2012 10:22:52 | Computer Name = KERIM | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80070422 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor

Error - 11.03.2012 10:22:52 | Computer Name = KERIM | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

Error - 11.03.2012 10:27:05 | Computer Name = KERIM | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich.

Error - 11.03.2012 10:27:05 | Computer Name = KERIM | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich.

Error - 11.03.2012 10:27:05 | Computer Name = KERIM | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 11.03.2012 10:30:22 | Computer Name = KERIM | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80070422 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsuppor

Error - 11.03.2012 10:30:22 | Computer Name = KERIM | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.

Error - 11.03.2012 10:54:16 | Computer Name = KERIM | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich.

Error - 11.03.2012 10:54:16 | Computer Name = KERIM | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich.

Error - 11.03.2012 10:54:16 | Computer Name = KERIM | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

[ System Events ]
Error - 11.03.2012 10:48:19 | Computer Name = KERIM | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt.

Error - 11.03.2012 10:48:37 | Computer Name = KERIM | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11.03.2012 10:50:11 | Computer Name = KERIM | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 11.03.2012 10:50:12 | Computer Name = KERIM | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt.

Error - 11.03.2012 10:50:29 | Computer Name = KERIM | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11.03.2012 10:51:32 | Computer Name = KERIM | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Distributed Transaction Coordinator" ist vom Dienst "Sicherheitskontenverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 11.03.2012 10:51:32 | Computer Name = KERIM | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Systemereignisbenachrichtigung" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 11.03.2012 10:51:32 | Computer Name = KERIM | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "HTTP-SSL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 11.03.2012 10:51:32 | Computer Name = KERIM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2

Error - 11.03.2012 10:51:32 | Computer Name = KERIM | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AsUpIO avgio avipbb Fips intelppm NetworkX sptd ssmdrv

[ TuneUp Events ]
Error - 19.06.2011 16:42:01 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:01 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:01 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:01 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:01 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:06 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:06 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:06 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:06 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 19.06.2011 16:42:06 | Computer Name = KERIM | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report > |