Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen

TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen


Log-Analyse und Auswertung: TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 23.06.2012, 21:42   #1
Invi
 
TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen - Standard

TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen


Hey Leute,
auch ich gehöre nun zu den glücklichen, die sich dem Club der befallenen durch diese Trojaner zuzählen dürfen.

Wie bei den andern hier hab auch ich seit einigen Tagen ununterbrochen Meldungen dieser Trojaner, da wiederholtest entfernen/in Quarantäne verschieben keinen Effekt hatte hab ichs irgendwann einfach ignoriert und so gelassen wies war.
Anfangs warens nur die ersten beiden Trojaner, seit gestern ist nun der neue (TR/Small.FI) aufgetaucht, dafür kommen keine Meldungen mehr von den andern beiden... Vielleicht sind sie ja freiwillig gegangen ^^
Naja wäre super wenn man mir helfen könnte.

OTL log
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.06.2012 20:31:34 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Dokumente und Einstellungen\Invi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,35 Mb Total Physical Memory | 374,84 Mb Available Physical Memory | 36,95% Memory free
2,39 Gb Paging File | 1,44 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,77 Gb Total Space | 15,07 Gb Free Space | 21,30% Space Free | Partition Type: NTFS
 
Computer Name: BLECHBOX | User Name: Invi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.23 20:20:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
PRC - [2012.06.23 16:53:21 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.07.07 10:15:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.04 14:22:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.01 15:24:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.06 13:25:14 | 000,720,704 | ---- | M] (TuneUp Software) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2010.07.06 13:23:40 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.07 15:35:00 | 000,053,544 | ---- | M] (Guillemot Corporation) -- C:\WINDOWS\system32\HerculesWiFiService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.13 17:59:14 | 000,346,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2007.12.13 17:57:24 | 002,095,640 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2006.11.13 13:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\wcescomm.exe
PRC - [2006.11.13 13:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\rapimgr.exe
PRC - [2006.07.14 18:05:32 | 000,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006.07.14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005.06.08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\LogiTray.exe
PRC - [2005.06.08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\FxSvr2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.23 16:53:20 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 19:30:30 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.05.18 15:34:48 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.13 00:45:00 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.13 00:44:48 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.05 19:05:05 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010.07.16 18:52:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\WinRar\RarExt.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2006.07.14 17:35:28 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - [2012.06.23 16:53:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.07.07 10:15:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 14:22:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.29 12:50:14 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.07.06 13:23:40 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.07.06 13:20:38 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.05.07 15:35:00 | 000,053,544 | ---- | M] (Guillemot Corporation) [Auto | Running] -- C:\WINDOWS\system32\HerculesWiFiService.exe -- (HerculesWiFi)
SRV - [2006.07.14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psadd.sys -- (psadd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Invi\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.07.07 10:15:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.07 10:15:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.15 11:26:24 | 000,583,552 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.25 18:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 23:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2006.05.10 09:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005.05.27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.10.08 12:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.17 12:14:52 | 000,952,007 | ---- | M] (Eicon Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\disdn\Diwan.sys -- (DiWan)
DRV - [2001.08.17 12:13:52 | 000,091,305 | ---- | M] (Eicon Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disdn\dimaint.sys -- (DiMaint)
DRV - [2001.08.17 12:13:48 | 000,164,923 | ---- | M] (Eicon Technology) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\disdn\capi20.sys -- (DiCapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "109.123.126.253"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.23 16:53:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.11 17:18:19 | 000,000,000 | ---D | M]
 
[2010.07.16 23:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Extensions
[2012.06.21 20:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions
[2011.06.29 16:30:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.21 20:56:53 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\info@djzig.com
[2012.01.07 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.06 13:57:53 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INVI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\88AS021Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.15 19:59:05 | 000,182,698 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INVI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\88AS021Z.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.23 16:53:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.23 16:53:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 16:53:11 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 16:53:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 16:53:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 16:53:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 16:53:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.31 12:34:25 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [Facebook Update] C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\CurseClientStartup.ccip ()
O4 - Startup: C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\WiFi Station N.lnk = C:\Programme\Hercules\WiFiStationN\WiFiN.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA1440BA-BAE0-44F7-9E91-7CBF25A5A6D2}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 20:34:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.06.23 20:34:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.06.23 20:20:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
[2012.06.23 20:19:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Invi\Desktop\Virus kram
[2012.06.20 11:40:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.06.20 11:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012.06.19 21:40:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.10.26 16:07:46 | 001,382,304 | ---- | C] (DownVision                                                  ) -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 20:29:05 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\defogger_reenable
[2012.06.23 20:26:41 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\ugsw52w2.exe
[2012.06.23 20:25:43 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.23 20:20:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
[2012.06.23 20:19:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\Defogger.exe
[2012.06.23 19:05:03 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005UA.job
[2012.06.23 16:49:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.23 16:49:23 | 1063,694,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.23 16:05:02 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005Core.job
[2012.06.17 18:07:12 | 000,055,281 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\itunes-50-de.jpg
[2012.06.16 20:18:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.13 19:21:46 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 17:48:40 | 000,527,846 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 17:48:40 | 000,502,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 17:48:40 | 000,105,808 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 17:48:40 | 000,088,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 17:34:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.12 17:49:42 | 000,072,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\fischkugel.jpg
[2012.06.11 23:30:41 | 000,035,541 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\dat ass.jpg
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.23 20:29:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\defogger_reenable
[2012.06.23 20:27:51 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\00000001.@
[2012.06.23 20:26:39 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\ugsw52w2.exe
[2012.06.23 20:19:38 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\Defogger.exe
[2012.06.21 17:24:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\80000000.@
[2012.06.20 12:45:34 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\800000cb.@
[2012.06.17 18:07:11 | 000,055,281 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\itunes-50-de.jpg
[2012.06.12 17:49:33 | 000,072,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\fischkugel.jpg
[2012.06.11 23:30:39 | 000,035,541 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\dat ass.jpg
[2012.05.18 20:16:40 | 000,073,320 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.04.16 20:13:47 | 000,154,104 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2012.04.16 20:13:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2012.04.15 22:58:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.02.15 14:44:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.12 01:46:04 | 000,019,160 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.10.26 16:07:53 | 000,000,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\ea sports online pass.exe.torrent
[2011.10.26 16:07:04 | 000,459,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe
[2011.09.24 11:18:39 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\$_hpcst$.hpc
[2011.02.25 19:50:52 | 000,001,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\.recently-used.xbel
[2011.02.09 15:13:27 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
[2011.01.20 10:39:37 | 000,000,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Current.prx
[2011.01.05 19:05:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.01.05 19:05:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010.12.22 09:33:21 | 000,000,019 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\user.PROKISS
[2010.10.09 02:06:16 | 000,000,261 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2010.08.04 18:02:09 | 000,119,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.18 01:04:13 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010.07.18 01:04:09 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.07.17 04:16:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.17 02:10:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.07.16 23:29:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.07.16 20:07:57 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\Procdb.ini
[2010.07.16 19:53:26 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.07.16 19:40:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.07.16 19:11:03 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010.07.16 19:05:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010.07.16 19:03:06 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.07.16 19:02:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.07.16 19:02:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.07.16 19:02:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.07.16 19:02:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.07.16 19:02:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.07.16 19:02:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.07.16 18:57:11 | 000,650,608 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010.07.16 18:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010.07.16 18:56:48 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2010.07.16 18:56:48 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2010.07.16 18:56:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2010.07.16 18:56:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2010.07.16 18:52:17 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2010.07.16 18:46:54 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\DIVAprop.dll
[2010.07.16 18:46:54 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\divasu.dll
[2010.07.16 18:46:54 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\divaci.dll
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@

< End of report >
--- --- ---


Extras
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.06.2012 20:31:34 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Dokumente und Einstellungen\Invi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,35 Mb Total Physical Memory | 374,84 Mb Available Physical Memory | 36,95% Memory free
2,39 Gb Paging File | 1,44 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,77 Gb Total Space | 15,07 Gb Free Space | 21,30% Space Free | Partition Type: NTFS
 
Computer Name: BLECHBOX | User Name: Invi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0523EAF4-402C-4435-A0DA-13C40193D811}" = Logitech GamePanel Software 2.02
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54A9A9E1-8C4C-44FE-AA6B-182EA1E779FD}" = Hercules WiFi Station N
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"JDownloader" = JDownloader
"Macro Express 3" = Macro Express 3
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49b
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.01.1190" = Opera 11.01
"Proxifier_is1" = Proxifier version 2.91
"QcDrv" = Logitech® Camera-Treiber
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Skat-Online V9" = Skat-Online V9
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 16:43:24 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3906
 
Error - 13.06.2012 16:43:24 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3906
 
Error - 15.06.2012 10:15:59 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.06.2012 10:15:59 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1985
 
Error - 15.06.2012 10:15:59 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1985
 
Error - 15.06.2012 10:16:01 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.06.2012 10:16:01 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4000
 
Error - 15.06.2012 10:16:01 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4000
 
Error - 19.06.2012 16:05:09 | Computer Name = BLECHBOX | Source = Google Update | ID = 20
Description = 
 
Error - 23.06.2012 10:49:45 | Computer Name = BLECHBOX | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 22.06.2012 05:59:04 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.06.2012 11:07:26 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 22.06.2012 11:07:26 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 22.06.2012 11:07:26 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.06.2012 19:20:10 | Computer Name = BLECHBOX | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 22.06.2012 19:21:30 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 22.06.2012 19:21:30 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 22.06.2012 19:21:30 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 23.06.2012 04:11:25 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 23.06.2012 10:51:04 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
 
< End of report >
--- --- ---


Und GMER log, der wurde aber abgebrochen nachdem er einen Rootkit auffand
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-23 22:29:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721680PLA380 rev.P21OABBA
Running: ugsw52w2.exe; Driver: C:\DOKUME~1\Invi\LOKALE~1\Temp\uwrdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7BF91A4                                                                          ZwClose
SSDT            F7BF915E                                                                          ZwCreateKey
SSDT            F7BF91AE                                                                          ZwCreateSection
SSDT            F7BF9154                                                                          ZwCreateThread
SSDT            F7BF9163                                                                          ZwDeleteKey
SSDT            F7BF916D                                                                          ZwDeleteValueKey
SSDT            F7BF919F                                                                          ZwDuplicateObject
SSDT            F7BF9172                                                                          ZwLoadKey
SSDT            F7BF9140                                                                          ZwOpenProcess
SSDT            F7BF9145                                                                          ZwOpenThread
SSDT            F7BF917C                                                                          ZwReplaceKey
SSDT            F7BF9177                                                                          ZwRestoreKey
SSDT            F7BF91B3                                                                          ZwSetContextThread
SSDT            F7BF9168                                                                          ZwSetValueKey
SSDT            F7BF914F                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?               dimaint.sys                                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Mozilla Firefox\firefox.exe[3736] ntdll.dll!LdrLoadDll               7C92632D 5 Bytes  JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[3736] kernel32.dll!VirtualAlloc          7C809AF1 5 Bytes  JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[3736] kernel32.dll!MapViewOfFile         7C80B9A5 5 Bytes  JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[3736] GDI32.dll!CreateDIBSection         77EF9E19 5 Bytes  JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                          fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library         c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [568]           0x45670000                                                                                
Library         c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1724]  0x45670000                                                                                

---- EOF - GMER 1.0.15 ----
Schonmal danke im vorraus

 

Themen zu TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen
32 bit, antivir, avira, bho, bonjour, cdburnerxp, converter, error, firefox, firefox 13.0.1, flash player, fontcache, format, hdaudio.sys, jdownloader, launch, lenovo, limited.com/facebook, logfile, mozilla, mp3, ntdll.dll, object, plug-in, realtek, registry, rootkit, rundll, scan, searchscopes, security, server, software, super, svchost.exe, teamspeak, trojaner, version=1.0, virus, windows internet


« Leistungseinbruch, mouse cursor verschwindet hin und wieder bitte um log check | Prüfung des PC 26.06.12 »


Ähnliche Themen: TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen


  1. Trojaner TR/Sirefef.BC.57, TR/Sirefef.AG.9, TR/ATRAPS.Gen2, TR/Necurs.A.71 und SpyHunter 4 auf Rechner
    Log-Analyse und Auswertung - 07.05.2013 (7)
  2. Trojanische Pferde: TR/Small.FI; TR/Sirefef.AG.35; TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 16.07.2012 (7)
  3. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  4. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (1)
  5. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  6. Trojaner-Dauerschleife: TR/ATRAPS.Gen2 ; TR/Sirefef.AG.35 ; TR/Small.FI
    Log-Analyse und Auswertung - 06.07.2012 (15)
  7. Anfangs TR/Dropper.Gen, nun permanente Meldungen zu TR/Sirefef.AG.35, TR/ATRAPS.Gen2 und TR/Small.FI
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (41)
  8. Hilfe! Trojan.Small; Trojan.Sirefef; Rootkit.0Access; Trojan.Atraps.Gen2 auf meinem Rechner.
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (11)
  9. TR/ATRAPS.Gen2 ,TR/Sirefef.AG.35,TR/Small.FI Bei xp home pc
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  10. Probleme mit Trojan.Small, Trojan.Sirefef.AG.35, Rootkid.0Access,TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 28.06.2012 (23)
  11. TR/Atraps.Gen2 TR/Sirefef.AG.35 TR/Small.FI - Gmer meldet Rootkit Aktivität
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (8)
  12. Trojanerbefall: Sirefef.AG.35, ATRAPS.GEN2, Small.FI
    Log-Analyse und Auswertung - 21.06.2012 (11)
  13. Vier Trojaner: TR/ATRAPS.Gen2, TR/Sirefef.AG.35, TR/Small.FI, TR/Dldr.Phdet.E.36
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  14. Trojaner TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI auf meinem PC
    Plagegeister aller Art und deren Bekämpfung - 17.06.2012 (19)
  15. doppelt: Sirefef.AG.35, ATRAPS.GEN2 u. Small.FI Befall
    Mülltonne - 17.06.2012 (0)
  16. Avira meldet Trojaner: TR/Sirefef.GC.1; TR/Small.FI und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (3)
  17. Antivir zeigt stänidg Fund von TR/ATRAPS.Gen2, TR/Sirefef.AG.35 und TR/Small.FI an
    Plagegeister aller Art und deren Bekämpfung - 02.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen - Hey Leute, auch ich gehöre nun zu den glücklichen, die sich dem Club der befallenen durch diese Trojaner zuzählen dürfen. Wie bei den andern hier hab auch ich seit einigen - TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen...
Archiv
Du betrachtest: TR/ATRAPS.Gen2, TR/Sirefef.AG.35 u TR/Small.FI Meldungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19