Pests of all kinds and how to fight them: Malwarebytes finds Trojan.Zbot - need help

12.09.2012, 21:34   #1
fux89
 
Malwarebytes finds Trojan.Zbot - need help

Hello,

After I was already hit by a trojan infection a few weeks ago (http://www.trojaner-board.de/121246-...che-hilfe.html), I have to call on your help yet again -.-

During a manual scan with Malwarebytes, "trojan.zbot" was found in the file C:\WINDOWS\SYSTEM32\TubeFinder.exe. I moved it to quarantine right after the scan.

Here is the log for that:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Christopher :: D67S0N1J [Administrator]

12.09.2012 11:31:28
mbam-log-2012-09-12 (11-31-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389752
Laufzeit: 2 Stunde(n), 51 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\WINDOWS\SYSTEM32\TubeFinder.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
And here are the other required logs:

OTL:
Code:
OTL logfile created on: 12.09.2012 17:25:17 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Dokumente und Einstellungen\Christopher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,08 Mb Total Physical Memory | 558,73 Mb Available Physical Memory | 54,67% Memory free
2,40 Gb Paging File | 1,85 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 295,22 Gb Total Space | 185,57 Gb Free Space | 62,86% Space Free | Partition Type: NTFS
Drive E: | 747,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF1.02
 
Computer Name: D67S0N1J | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.12 17:25:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.10 19:29:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.21 09:51:59 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2012.05.08 21:00:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:00:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 21:00:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2010.04.05 14:26:46 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.28 06:46:40 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007.02.02 18:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe
PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
PRC - [2006.03.17 23:59:02 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\SYSTEM32\UAService7.exe
PRC - [2005.05.20 18:20:06 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.01.28 14:35:58 | 000,434,176 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2005.01.27 02:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
PRC - [2004.12.10 12:45:26 | 000,049,152 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
PRC - [2004.06.29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004.06.29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004.04.20 13:05:56 | 000,118,784 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\BACS\BacsTray.exe
PRC - [2004.03.11 10:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003.09.17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003.06.18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 07:15:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.13 07:15:09 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.13 07:11:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 07:10:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.05.09 22:37:55 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 22:37:40 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.08 21:00:53 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.03.29 08:42:20 | 000,159,744 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mmfinfo.dll
MOD - [2008.03.29 08:41:52 | 000,023,552 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mkunicode.dll
MOD - [2007.06.28 06:46:20 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2005.05.09 17:03:56 | 000,155,648 | ---- | M] () -- C:\Programme\FRITZ!DSL\SSLEAY32.DLL
MOD - [2005.05.09 17:03:24 | 000,790,528 | ---- | M] () -- C:\Programme\FRITZ!DSL\LIBEAY32.DLL
MOD - [2005.01.28 14:31:34 | 000,045,056 | ---- | M] () -- C:\Programme\Logitech\SetPoint\gamehook.dll
MOD - [2005.01.27 02:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\SYSTEM32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\MOBCleanup.exe -- (MOBCleanup)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 17:54:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.24 16:29:07 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 21:00:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:00:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.04.05 14:26:46 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006.03.17 23:59:02 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\UAService7.exe -- (UserAccess7)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.05.20 18:20:06 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.05.09 16:58:44 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2004.06.29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 21:00:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:00:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011.12.09 13:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2011.06.12 17:39:36 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys -- (sptd)
DRV - [2010.10.22 03:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.05 14:26:46 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.22 23:40:17 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMM.sys -- (vmm)
DRV - [2009.07.22 22:58:47 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2009.07.22 22:58:47 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cpuz132_x32.sys -- (cpuz132)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008.03.17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avmeject.sys -- (avmeject)
DRV - [2006.11.30 14:58:42 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44unic.sys -- (se44unic)
DRV - [2006.11.30 14:58:34 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44obex.sys -- (se44obex)
DRV - [2006.11.30 14:58:32 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44nd5.sys -- (se44nd5)
DRV - [2006.11.30 14:58:30 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mgmt.sys -- (se44mgmt)
DRV - [2006.11.30 14:58:26 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mdm.sys -- (se44mdm)
DRV - [2006.11.30 14:58:24 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mdfl.sys -- (se44mdfl)
DRV - [2006.11.30 14:58:18 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44bus.sys -- (se44bus)
DRV - [2006.11.07 09:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200obex.sys -- (w200obex)
DRV - [2006.11.07 09:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mgmt.sys -- (w200mgmt)
DRV - [2006.11.07 09:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mdm.sys -- (w200mdm)
DRV - [2006.11.07 09:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mdfl.sys -- (w200mdfl)
DRV - [2006.11.07 09:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200bus.sys -- (w200bus)
DRV - [2004.12.10 12:48:46 | 000,024,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidKE.Sys -- (LHidKe)
DRV - [2004.12.10 12:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2004.12.10 12:48:18 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.12.10 12:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042MOU.SYS -- (L8042mou)
DRV - [2004.12.10 12:47:58 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004.08.12 16:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004.08.06 18:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2004.08.06 11:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k)
DRV - [2004.07.13 11:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004.07.13 11:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004.07.13 11:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.07.13 11:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004.07.13 11:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004.07.13 11:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004.05.29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004.05.07 07:38:58 | 000,026,624 | ---- | M] (Siemens AG ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\siusbmod.sys -- (siusbmod)
DRV - [2004.03.09 12:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prohlp02.sys -- (prohlp02)
DRV - [2004.03.09 11:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp01.sys -- (sfhlp01)
DRV - [2003.11.12 21:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prosync1.sys -- (prosync1)
DRV - [2003.07.16 08:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2002.11.08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001.08.17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIDSwvd.sys -- (HIDSwvd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.21 09:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.07 17:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.07 17:54:22 | 000,000,000 | ---D | M]
 
[2009.10.06 08:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Extensions
[2009.10.06 08:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.08.13 19:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions
[2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\ich@maltegoetz.de
[2010.02.01 10:16:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\moveplayer@movenetworks.com
[2012.07.25 17:39:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.31 17:53:11 | 000,001,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{38AEB6D0-12B8-4A84-9A82-FFA2FBEE57CA}.xml
[2011.06.06 20:42:15 | 000,001,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{7B9FA70C-BAB5-413D-9F13-33F3E1C17580}.xml
[2011.05.31 17:53:11 | 000,002,071 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{8208E2D1-D64B-4104-B323-B893E9B6A8BD}.xml
[2011.05.31 17:53:11 | 000,002,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{DB54C858-AEAD-40BF-AC18-0A2FB91F3979}.xml
[2012.09.07 17:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 17:54:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.21 09:53:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009.09.02 00:38:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.07 17:54:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2012.03.03 23:12:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006.07.23 17:34:38 | 000,114,688 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npmozax.dll
[2008.01.27 02:18:46 | 000,155,648 | ---- | M] (PopCap Games) -- C:\Programme\mozilla firefox\plugins\nppopcaploader.dll
[2012.06.21 09:52:16 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.05.31 17:53:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 07:59:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.31 17:53:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.31 17:53:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.31 17:53:10 | 000,002,221 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.05.31 17:53:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.31 17:53:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2012.08.15 20:40:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [bacstray] C:\Programme\Broadcom\BACS\\BacsTray.exe ()
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/de/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82A92428-55E5-4973-A6DE-791180CC117B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.06 16:54:36 | 000,000,031 | R--- | M] () - E:\autorun.inf -- [ UDF1.02 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.12 17:24:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
[2012.09.12 14:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.09.12 11:30:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.09.07 17:54:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.09.04 18:19:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2012.09.04 18:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\YTD Video Downloader
[2012.08.31 15:16:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IndustrieGigant 2
[2012.08.31 15:13:06 | 000,000,000 | ---D | C] -- C:\Programme\IndustrieGigant 2
[2012.08.30 12:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.08.18 12:27:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.08.15 20:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.08.14 18:15:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.08.14 18:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[3 C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 17:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.12 17:28:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.12 17:25:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
[2012.09.12 17:23:58 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Defogger.exe
[2012.09.12 16:00:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012.09.12 14:46:35 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
[2012.09.12 14:46:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012.09.12 14:45:46 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2257774982-1209123923-1774505960-1006.job
[2012.09.12 14:45:44 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.12 14:45:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012.09.12 14:45:33 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.12 14:44:55 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012.09.12 14:44:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012.09.12 14:44:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.dat
[2012.09.12 14:44:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-20061102}.dat
[2012.09.12 14:43:52 | 004,932,302 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-20061102}.CDF
[2012.09.07 22:16:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2257774982-1209123923-1774505960-1006.job
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.03 08:15:09 | 000,001,897 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\.si_tool
[2012.08.30 12:36:30 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.18 22:54:44 | 000,176,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.15 20:58:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.15 20:40:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2012.08.14 18:15:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[3 C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.12 17:23:56 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Defogger.exe
[2012.08.14 18:15:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.08.14 18:15:32 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.08.13 19:32:35 | 1071,804,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.04 11:53:52 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\defogger_reenable
[2012.05.10 18:39:03 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.04.18 17:01:26 | 000,002,938 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\.recently-used.xbel
[2011.01.14 22:31:16 | 000,001,897 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\.si_tool
[2010.12.30 21:49:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.12.30 21:49:06 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.12.30 21:49:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.10.29 19:51:41 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2007.11.20 22:49:38 | 000,005,095 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xnwfyhdk.mld
[2007.05.05 14:26:52 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\RefEdit.exd
[2006.06.13 12:30:39 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005.05.20 17:35:36 | 000,176,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.05.19 15:10:54 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.05.10 18:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.01.28 17:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.03.15 23:15:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2011.07.10 21:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.09.08 19:06:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2006.09.14 17:59:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2012.03.15 22:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2005.09.17 16:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.07.22 23:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2008.04.15 18:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2008.08.26 21:49:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.08.29 20:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2012.09.04 18:19:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2012.09.04 18:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2008.03.03 19:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2011.07.10 21:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\AquaSoft
[2012.05.10 18:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Canneverbe Limited
[2012.05.06 17:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Check Point Software Technologies LTD
[2012.05.06 17:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\CheckPoint
[2005.08.02 20:40:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ChessBase
[2011.08.18 20:32:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.01 12:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Cornelsen
[2009.07.21 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\DesktopPlayer
[2008.07.18 18:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Dev-Cpp
[2009.06.16 19:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\flightgear.org
[2010.04.05 10:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\FreeFLVConverter
[2011.07.10 21:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\gtk-2.0
[2012.05.25 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQ
[2005.12.03 17:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQLite
[2005.06.21 18:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Leadertech
[2012.03.02 21:19:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient
[2012.05.24 08:32:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient2
[2005.06.07 22:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MobileAction
[2011.05.13 17:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MyPhoneExplorer
[2011.05.01 21:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\NesterSoft
[2011.05.31 17:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS
[2011.07.10 21:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Opera
[2010.04.05 14:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Pegasys Inc
[2012.03.15 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Swiss Academic Software
[2010.11.04 18:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\T-Online
[2009.01.26 19:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Teleca
[2005.07.20 14:33:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Template
[2009.10.06 08:20:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\TomTom
[2009.07.22 23:08:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Ubisoft
[2009.10.10 11:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Vodafone
[2008.07.20 19:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\WinTrack
[2012.03.03 18:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Wise Registry Cleaner
[2008.03.03 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Zylom
[2005.05.20 23:00:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job
 
========== Purity Check ==========
 
 

< End of report >
         
extras:

Code:
ATTFilter
OTL Extras logfile created on: 12.09.2012 17:25:17 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Dokumente und Einstellungen\Christopher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,08 Mb Total Physical Memory | 558,73 Mb Available Physical Memory | 54,67% Memory free
2,40 Gb Paging File | 1,85 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 295,22 Gb Total Space | 185,57 Gb Free Space | 62,86% Space Free | Partition Type: NTFS
Drive E: | 747,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF1.02
 
Computer Name: D67S0N1J | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.2
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{39678AE6-CC1B-11D8-9E00-000374890932}" = Need for Speed - Underground 2
"{3D988833-5353-4926-ABA2-F4ED405A69D1}" = Domino Day
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.0
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{70A342A9-C719-4F19-BFD2-AEE8EFB214A8}" = Flatout
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.8.0
"{8283FCCD-AC71-4DC1-A81E-4F244FBBE11D}" = T-Online 5.0
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C99E9B3-292B-4E0D-A719-998AFF4DB27C}" = Philips GoGear Digital Audio Player
"{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = ODF Add-in für Microsoft Word
"{8D914DD2-F3CE-44E4-9498-E7EED093281C}_is1" = IndustrieGigant 2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.8
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABF70089-CC49-11D8-9E00-000374890932}" = Metal Gear Solid 3 - Snake Eater
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE8349C-17B2-4527-8D46-EA584E81F0CA}" = MP3 Player Product Tools
"{ADD31791-D676-4A7B-8FA8-A6EE7F1B4E5A}" = JourneySoftwarePromo
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1A455B8-1EC9-44E5-A158-DFBC978383F0}" = TMPGEnc DVD Author 3 with DivX Authoring Testversion
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAD2D69-1FDE-4A4B-82AC-A222BEB6777D}_is1" = Abi-Schnitt-Rechner 1.2
"{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}" = USB 2.0 Card Reader
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D460F2F5-645E-489F-AB9A-DEB24C47C2B5}" = T-Online Installationsdateien
"{D5C98CE7-4D24-4A83-AC9D-C94FB1F766F0}" = UieupagyMpl
"{D71EA855-E219-11D8-9E00-0004769EEFEB}" = Halo 2
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{E117043B-5227-47E9-AC4C-BFB792D5820F}" = Yu-Gi-Oh! ONLINE 3
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC6B304A-044A-46AE-B761-D1202720D93A}" = VOB2MPG v3
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F618BFCB-BCD8-4698-BEE8-B0C5FD75DA23}" = Flary Address
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CornelsenSTVP42" = Cornelsen Stoffverteilungsplaner 4.2
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"Der IndustrieGigant" = Der IndustrieGigant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV-Media Player" = FLV-Media Player 1.8
"Formel 2 Bild Editor 1" = Formel 2 Bild Editor 1
"Funktion" = Funktion
"GameSpy Arcade" = GameSpy Arcade
"HLSW_is1" = HLSW v1.0.0.36
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"HTML Studio_is1" = HTML Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaInfo" = MediaInfo 0.7.5.5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"RealPlayer 15.0" = RealPlayer
"SearchAnonymizer" = SearchAnonymizer
"SprayR" = SprayR 1.0 RC7b
"ST4UNST #1" = Peck's Power Join
"ST6UNST #1" = CDCoverFixPrint 1.70
"Steam(TM)" = Steam(TM)
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"TIMELEFT3_is1" = TimeLeft
"Timers" = Timers
"TmNationsForever_is1" = TmNationsForever
"TomTom HOME" = TomTom HOME 2.7.2.1825
"T-Online Copas" = T-Online Copas
"Toolbox English" = Toolbox English
"UnderCoverXP_is1" = UnderCoverXP 1.08
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.07.2012 07:37:43 | Computer Name = D67S0N1J | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.2627.0, faulting module
 winword.exe, version 10.0.2627.0, fault address 0x002feceb.
 
Error - 31.07.2012 02:40:47 | Computer Name = D67S0N1J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00011689.
 
Error - 02.08.2012 07:13:45 | Computer Name = D67S0N1J | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 02.08.2012 07:13:50 | Computer Name = D67S0N1J | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.08.2012 04:40:41 | Computer Name = D67S0N1J | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 04.08.2012 04:42:46 | Computer Name = D67S0N1J | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 04.08.2012 05:34:39 | Computer Name = D67S0N1J | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
 in 0x800423f3) fehlgeschlagen.
 
Error - 07.08.2012 02:39:30 | Computer Name = D67S0N1J | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 07.08.2012 08:41:43 | Computer Name = D67S0N1J | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 06.09.2012 12:12:19 | Computer Name = D67S0N1J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ig2.exe, Version 2.1.0.0, fehlgeschlagenes
 Modul binkw32.dll, Version 1.5.7.0, Fehleradresse 0x0000ea4e.
 
[ System Events ]
Error - 11.09.2012 02:13:07 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.09.2012 02:05:03 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 12.09.2012 02:05:03 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.09.2012 02:05:03 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.09.2012 05:27:53 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 12.09.2012 05:27:54 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.09.2012 05:27:54 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.09.2012 08:45:50 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 12.09.2012 08:45:50 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.09.2012 08:45:50 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
and from GMER:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 22:26:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.0.1.
Running: p1itllnz.exe; Driver: C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\fxtyapog.sys


---- System - GMER 1.0.15 ----

SSDT            B7EF0B0C                                                                                              ZwClose
SSDT            B7EF0AC6                                                                                              ZwCreateKey
SSDT            B7EF0B16                                                                                              ZwCreateSection
SSDT            B7EF0ABC                                                                                              ZwCreateThread
SSDT            B7EF0ACB                                                                                              ZwDeleteKey
SSDT            B7EF0AD5                                                                                              ZwDeleteValueKey
SSDT            B7EF0B07                                                                                              ZwDuplicateObject
SSDT            B7EF0ADA                                                                                              ZwLoadKey
SSDT            B7EF0AA8                                                                                              ZwOpenProcess
SSDT            B7EF0AAD                                                                                              ZwOpenThread
SSDT            B7EF0B2F                                                                                              ZwQueryValueKey
SSDT            B7EF0AE4                                                                                              ZwReplaceKey
SSDT            B7EF0B20                                                                                              ZwRequestWaitReplyPort
SSDT            B7EF0ADF                                                                                              ZwRestoreKey
SSDT            B7EF0B1B                                                                                              ZwSetContextThread
SSDT            B7EF0B25                                                                                              ZwSetSecurityObject
SSDT            B7EF0AD0                                                                                              ZwSetValueKey
SSDT            B7EF0B2A                                                                                              ZwSystemDebugControl
SSDT            B7EF0AB7                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?               hmdqpdyn.sys                                                                                          Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                              section is writeable [0xF4FDE3A0, 0x5CC259, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                section is writeable [0xB0CFA300, 0x3B6D8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                section is writeable [0xF39B0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\program files\real\realplayer\update\realsched.exe[2344] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Udfs \UdfsCdRom                                                                           tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Udfs \UdfsDisk                                                                            tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \Driver\prodrv06 \Device\ProDrv06                                                                     E2041478
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                           prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                           prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                         prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\prohlp02 \Device\ProHlp02                                                                     E19229B0

AttachedDevice  \FileSystem\Fastfat \Fat                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
         
The PC runs without problems; without the scan I wouldn't have noticed anything.
I hope you can help me get out of this one unscathed as well.

Many thanks in advance for the help!
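As an added example (not part of the original post, and not code from GMER or Malwarebytes), the following Python script shows how a helper would triage a GMER log like the one above before asking a human to read it: it pulls out the SSDT hook lines, the "?" line for a driver that GMER references but cannot find on disk, and the writeable .text sections, then ranks them. The sample input is a constructed subset of the GMER output posted above; the cluster threshold (0x1000 bytes) and the "random 8-letter name" heuristic are assumptions for illustration, and the script does not decide which product owns the hooks.

```python
"""Triage a GMER 1.0.15 rootkit-scan log (added example, not GMER's own code).

Three line shapes matter most when deciding whether kernel hooks need a
closer look:

  SSDT   <hex addr>   Zw<Function>          - System Service Descriptor Table hook
  ?      <driver>     <error text> !        - driver referenced but not found on disk
  .text  <path>       section is writeable [base, size, flags]
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the GMER output from the post above.
SAMPLE_LOG = """\
Running: p1itllnz.exe; Driver: C:\\DOKUME~1\\CHRIST~1\\LOKALE~1\\Temp\\fxtyapog.sys

---- System - GMER 1.0.15 ----

SSDT            B7EF0B0C                 ZwClose
SSDT            B7EF0AC6                 ZwCreateKey
SSDT            B7EF0AA8                 ZwOpenProcess
SSDT            B7EF0B2A                 ZwSystemDebugControl
SSDT            B7EF0AB7                 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?               hmdqpdyn.sys             Das System kann die angegebene Datei nicht finden. !
.text           C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys    section is writeable [0xF4FDE3A0, 0x5CC259, 0xE8000020]
.text           C:\\WINDOWS\\system32\\DRIVERS\\atksgt.sys      section is writeable [0xB0CFA300, 0x3B6D8, 0xE8000020]
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)\s*$")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!?\s*$")
WRITEABLE_RE = re.compile(
    r"^\.text\s+(.+?)\s+section is writeable "
    r"\[0x([0-9A-Fa-f]+), 0x([0-9A-Fa-f]+), 0x([0-9A-Fa-f]+)\]"
)
# GMER's own temporary driver is named with 8 random lowercase letters
# (see the "Driver:" line); a missing driver with the same shape is often
# a leftover from an earlier run rather than malware.  Heuristic, assumed.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.sys$")


def parse_gmer(text: str) -> Dict[str, object]:
    """Extract SSDT hooks, missing drivers, writeable .text sections and
    the name of GMER's own driver from a log."""
    found: Dict[str, object] = {"ssdt": [], "missing": [], "writeable": [], "gmer_driver": None}
    for line in text.splitlines():
        m = re.search(r"Driver:\s+(\S+)", line)
        if m:
            found["gmer_driver"] = m.group(1).rsplit("\\", 1)[-1].lower()
            continue
        m = SSDT_RE.match(line)
        if m:
            found["ssdt"].append((int(m.group(1), 16), m.group(2)))
            continue
        m = MISSING_RE.match(line)
        if m:
            found["missing"].append(m.group(1))
            continue
        m = WRITEABLE_RE.match(line)
        if m:
            found["writeable"].append((m.group(1), int(m.group(2), 16), int(m.group(3), 16)))
    return found


def hook_spread(hooks: List[Tuple[int, str]]) -> int:
    """Distance between the lowest and highest SSDT hook address.

    Many hooks packed into a few hundred bytes almost always belong to one
    kernel module (often a security product's driver); hooks scattered
    across unrelated ranges deserve more suspicion."""
    if not hooks:
        return 0
    addrs = [a for a, _ in hooks]
    return max(addrs) - min(addrs)


def triage(text: str, cluster_limit: int = 0x1000) -> List[str]:
    """Return findings, highest priority first.  cluster_limit is an
    assumed heuristic for 'all hooks live in one module', not a GMER value."""
    f = parse_gmer(text)
    findings: List[str] = []
    for drv in f["missing"]:
        note = f"driver referenced but not on disk: {drv}"
        if RANDOM_NAME_RE.match(drv.lower()):
            note += (f" (8 random letters like GMER's own driver {f['gmer_driver'] or '<unknown>'};"
                     " may be a leftover from an earlier GMER run, verify before treating as malware)")
        findings.append("HIGH: " + note)
    if f["ssdt"]:
        lo = min(a for a, _ in f["ssdt"])
        hi = max(a for a, _ in f["ssdt"])
        who = "one module" if hook_spread(f["ssdt"]) < cluster_limit else "several ranges"
        findings.append(f"INFO: {len(f['ssdt'])} SSDT hooks in {who} (0x{lo:08X}-0x{hi:08X});"
                        " identify the driver that owns that address range")
    for path, base, size in f["writeable"]:
        findings.append(f"LOW: writeable .text in {path} (base 0x{base:08X}, {size} bytes)")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

On the posted log the five sample hooks sit within 0x82 bytes of each other, so the script reports them as one module rather than as independent hooks; the "?" line for hmdqpdyn.sys is the one item it ranks as worth checking first, with the caveat that the name has the same shape as GMER's own randomly named temporary driver.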

 
