Trojan/Virus: Bundespolizei demands 100€ via Ukash (Windows 7)
#1
Trojan/Virus: Bundespolizei demands 100€ via Ukash

Hi friends,

I have already dealt with this problem once on a friend's PC, so I was able to work through the first steps without instructions. The virus is generally well known here on Trojaner Board, so I don't need to say much about it. I have now let OTL.exe scan my PC and got an OTL.txt and an Extras.txt out of it. Code:
[Extras.txt: OTL Extras logfile created on: 16.03.2012 17:16:38 - Run 1, OTL by OldTimer - Version 3.2.31.0, Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002), Boot Mode: SafeMode, < End of report >]

and Code:
[OTL.txt: OTL logfile created on: 16.03.2012 17:16:38 - Run 1, OTL by OldTimer - Version 3.2.31.0, Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002), Boot Mode: SafeMode]
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON SX600FW Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION) O8 - Extra context menu item: Free YouTube to MP3 Converter - 
C:\Users\_\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{635B33A1-C0AE-4FEB-AE84-5A253A778F76}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9B80813-539B-45FD-8187-DBEF372A99DD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\_\Bernds Dateien\CIMG1696.JPG O24 - Desktop BackupWallPaper: C:\Users\_\Bernds Dateien\CIMG1696.JPG O27 - HKLM IFEO\googledesktop.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\googledesktopdisplay.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell - "" = AutoRun O33 - MountPoints2\{afd1cae6-b16d-11e0-ab69-001d9260f2f4}\Shell\AutoRun\command - "" = F:\Launcher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: 
{2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - 
Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2012.03.14 08:13:29 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.03.14 08:13:01 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.03.14 08:13:00 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.03.14 08:13:00 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.03.14 08:13:00 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.03.14 08:13:00 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.03.14 08:07:38 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.03.05 18:36:29 | 000,000,000 | ---D | C] -- C:\Users\_\Desktop\Converse [2012.02.21 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\_\AppData\Roaming\Sierra [2012.02.21 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\_\Documents\Empire Earth II [2012.02.21 14:50:27 | 000,000,000 | ---D | C] -- C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade [2012.02.21 14:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade [2012.02.21 14:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade [2012.02.21 14:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra [2012.02.21 14:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra [2012.02.21 13:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\directx [2012.02.16 14:10:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.16 14:10:44 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.16 14:10:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.16 14:10:44 | 000,176,640 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.16 14:10:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.16 14:10:41 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2008.03.02 14:30:24 | 000,017,168 | ---- | C] ( ) -- C:\Windows\System32\drivers\gt681x.sys [2005.04.21 00:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll [2004.02.16 20:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll [1 C:\Users\_\Desktop\*.tmp files -> C:\Users\_\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.16 17:15:54 | 000,637,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.16 17:15:54 | 000,603,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.16 17:15:54 | 000,130,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.16 17:15:54 | 000,107,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.16 16:58:38 | 000,001,356 | ---- | M] () -- C:\Users\_\AppData\Local\d3d9caps.dat [2012.03.16 15:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.16 15:43:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.16 15:43:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.16 14:53:37 | 000,000,862 | ---- | M] () -- C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk [2012.03.16 09:56:39 | 000,352,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.14 11:43:19 | 000,002,623 | ---- | M] () -- C:\Users\_\Desktop\Microsoft Word.lnk [2012.02.24 16:50:49 | 000,022,528 | ---- | M] () -- C:\Users\_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\MpSigStub.exe [2012.02.21 14:00:50 | 000,000,025 | ---- | M] () -- C:\Windows\SIERRA.INI [1 C:\Users\_\Desktop\*.tmp files -> C:\Users\_\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.16 15:13:30 | 000,001,356 | ---- | C] () -- C:\Users\_\AppData\Local\d3d9caps.dat [2012.03.16 14:53:37 | 000,000,862 | ---- | C] () -- C:\Users\_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk [2012.02.21 13:39:07 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.11.23 10:31:56 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2011.09.10 12:43:22 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.09.10 12:42:52 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.09.10 12:42:43 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.11.22 22:45:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.28 12:20:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.28 12:20:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.09 14:43:19 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT [2008.11.11 06:19:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.03 20:05:27 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.11.03 20:05:27 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.11.03 20:05:27 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.11.03 20:05:27 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.11.03 20:05:27 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.11.03 20:05:27 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.11.03 20:05:27 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat 
[2008.11.03 20:05:27 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.11.03 20:05:27 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.11.03 20:05:27 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.11.03 20:05:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.11.03 20:05:27 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.11.03 20:05:27 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.11.03 20:05:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.11.03 20:05:27 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.11.03 20:05:27 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.11.03 20:05:27 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.11.03 20:05:27 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.11.03 20:05:27 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.10.18 09:54:09 | 000,000,000 | ---- | C] () -- C:\Users\_\AppData\Roaming\Default.PLS [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 
08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.07.21 19:56:40 | 003,782,416 | ---- | C] () -- C:\Windows\System32\Mso97.dll [2008.06.05 09:04:20 | 000,031,910 | ---- | C] () -- C:\Windows\MSUMLT0G.INI [2008.04.05 14:36:26 | 000,000,326 | ---- | C] () -- C:\Windows\tm.ini [2008.02.17 18:40:57 | 000,022,528 | ---- | C] () -- C:\Users\_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.09 18:24:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.02.09 16:31:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.09 16:17:44 | 000,000,089 | ---- | C] () -- C:\Users\_\AppData\Local\fusioncache.dat [2008.02.09 16:06:33 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.14 15:31:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.01.14 15:31:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.01.14 12:05:44 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.01.14 12:05:44 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.12.12 14:45:55 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007.05.01 15:34:56 | 002,011,136 | ---- | C] () -- C:\Windows\System32\SaiCFF12.Dll [2007.05.01 15:34:56 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0C.dll [2007.05.01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_10.dll [2007.05.01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_0A.dll [2007.05.01 15:34:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF12_07.dll [2007.05.01 15:34:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCFF12_09.dll [2007.05.01 15:34:56 | 000,007,168 | 
---- | C] () -- C:\Windows\System32\SaiCFF12_0402.dll [2007.05.01 15:34:56 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCFF12_11.dll [2006.11.02 16:33:31 | 000,637,762 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,130,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,352,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,603,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,150 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.16 07:58:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\aspolyzt.dll [2006.05.03 22:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys [2005.10.11 20:54:48 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe [2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\asdrawli.dll [2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ASDRAWMA.DLL [2005.02.02 02:29:12 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe 
[2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AS_SORT.DLL [2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\Windows\System32\ASDRAW32.DLL [2003.01.18 00:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini [2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AS_MDB32.DLL ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.10 12:53:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.11.09 17:09:10 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.17 15:18:29 | 000,000,000 | ---D | M] -- C:\CDHOME [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.02.09 16:14:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.12.12 15:48:22 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.09 13:54:23 | 000,000,000 | ---D | M] -- C:\MyWorks [2008.11.09 14:21:02 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.02.21 14:50:22 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.02 17:42:41 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.02.09 16:14:13 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.17 15:12:31 | 000,000,000 | ---D | M] -- C:\STONEAXE [2012.03.16 10:06:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.10 13:13:54 | 000,000,000 | R--D | M] -- C:\Users [2012.03.16 09:56:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
Many thanks in advance.